DocumentCode :
567176
Title :
The study of evasion of packed PE from static detection
Author :
Baig, Mirza ; Zavarsky, Pavol ; Ruhl, Ron ; Lindskog, Dale
Author_Institution :
Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
fYear :
2012
fDate :
10-12 June 2012
Firstpage :
99
Lastpage :
104
Abstract :
Static detection of packed portable executables (PEs) relies primarily on structural properties of the packed PE, and also on anomalies in the packed PE caused by packing tools. This paper outlines weaknesses in this method of detection. We show that these structural properties and anomalies are contingent features of the executable, and can be more or less easily modified to evade static detection.
Keywords :
invasive software; malware; packed portable executable; packing tool; static detection; structural property; Entropy; IEEE Xplore; Internet; Malware; Permission; Standards; entropy; import address table; obfuscation; static detection;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Internet Security (WorldCIS), 2012 World Congress on
Conference_Location :
Guelph, ON
Print_ISBN :
978-1-4673-1108-3
Type :
conf
Filename :
6280206