P-SPADE: GPU accelerated malware packer detection

Packed malware imposes negative impact on the accuracy of AV scanners. It is essential for a security researcher to nullify the effects of packing tools, prior to malware detection. Numerous open and commercial packers are available to facilitate unwelcome intentions of malware authors. Thus, identification of packers becomes necessary phase prior to malware scanning. In this paper, we have proposed a GPGPU based approach for accelerating our previous signature based packer detection (SPADE) [1] method. SPADE generates packer signature by utilizing the intra-family malware alignments. It makes use of Smith-Waterman algorithm to reveal the actual relationship among the packer family samples and achieves high detection rate as compared to other packer detection tools. The use of Smith-Waterman comes with a trade off between accuracy and high computational complexity. So, we have implemented a parallel version of Smith-Waterman to improve the signature generation phase of SPADE. Our GPU based approach (O(m+n)) produces 14.89X to 49.91X speedup over CPU based implementation of SPADE preserving detection accuracy. Moreover, the proposed approach opens up new domain of applying GPUs to the existing signature based approaches for malware detection where signature database updation is done on daily basis.