Code Obfuscator Classification System Based on Static Analysis
Master's thesis (碩士), National Taiwan University of Science and Technology (國立臺灣科技大學), Department of Computer Science and Information Engineering (資訊工程系), academic year 100 (2011-2012).
| Field | Value |
|---|---|
| Main Authors | |
| Other Authors | |
| Format | Others |
| Language | zh-TW (Traditional Chinese) |
| Published | 2012 |
| Online Access | http://ndltd.ncl.edu.tw/handle/4b46vu |
Summary: In recent years most malware has been packed, and the rapid evolution of packing techniques has made reverse engineering of malware considerably harder. The goal of the proposed method is to classify the packer type of a packed malware sample. The method classifies not only known packers but also unknown ones; recognizing an unknown packer is useful to virus analysts because it speeds up unpacking malware that uses it. To detect packed executables, the method uses the contents of the PE table to decide whether an executable is packed, and detects encrypted sections of an executable by their information entropy. To classify packers, it first uses the imported application programming interfaces (APIs) and the information entropy at the entry point as features, then applies X-means clustering and an SVM to classify packers on those features. The experimental results show that the contents of the PE table are quite useful as features for identifying whether an executable is packed, and that the combination of X-means and SVM is effective for packer classification.
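The abstract names two of its packing-detection signals, PE-table contents and per-section information entropy, without showing how they are computed. The following is an added example written for this page, not code from the thesis: it parses the PE32 section table with the standard library only, computes Shannon entropy of each section's raw data, and raises a few header heuristics of the kind the abstract describes (entry point outside `.text`, a section with virtual size but no raw data, writable-and-executable sections, entropy above a threshold). The entropy threshold of 7.0 bits per byte, the flag wording, the `.text`/`CODE` name check, and the two constructed toy images (`build_sample_pe`, which are not real binaries) are all my assumptions; the import-table features and the X-means/SVM stage of the thesis are not reproduced here.

```python
# Added example (not from the thesis): PE section entropy and header heuristics
# for packer detection, run on two constructed toy PE32 images.
import math
import random
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: ~0 for constant data, ~8 for encrypted/compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(pe: bytes):
    """Return (entry_point_rva, sections) for a PE32 image; each section carries its raw-data entropy."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    num_sections, = struct.unpack_from("<H", pe, e_lfanew + 6)      # IMAGE_FILE_HEADER.NumberOfSections
    size_opt, = struct.unpack_from("<H", pe, e_lfanew + 20)         # SizeOfOptionalHeader
    opt = e_lfanew + 24                                             # IMAGE_OPTIONAL_HEADER starts here
    entry_rva, = struct.unpack_from("<I", pe, opt + 16)             # AddressOfEntryPoint
    sections = []
    for i in range(num_sections):
        off = opt + size_opt + 40 * i                               # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        chars, = struct.unpack_from("<I", pe, off + 36)             # Characteristics
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr, "rsize": rsize,
                         "chars": chars, "entropy": shannon_entropy(pe[rptr:rptr + rsize])})
    return entry_rva, sections


def packing_indicators(pe: bytes, entropy_threshold: float = 7.0) -> list:
    """Heuristic flags (threshold is an assumption); an empty list means nothing suspicious."""
    entry_rva, sections = parse_pe(pe)
    flags = []
    ep_sec = next((s for s in sections
                   if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rsize"])), None)
    if ep_sec is None:
        flags.append("entry point outside every section")
    elif ep_sec["name"] not in (".text", "CODE"):
        flags.append(f"entry point in unusual section {ep_sec['name']}")
    for s in sections:
        if s["rsize"] == 0 and s["vsize"] > 0:
            flags.append(f"section {s['name']} has no raw data but virtual size {s['vsize']:#x}")
        if s["entropy"] >= entropy_threshold:
            flags.append(f"section {s['name']} entropy {s['entropy']:.2f} (likely compressed/encrypted)")
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            flags.append(f"section {s['name']} is writable and executable")
    return flags


def build_sample_pe(packed: bool) -> bytes:
    """Constructed minimal PE32 image with two sections (toy data, not a real program)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                           # e_lfanew
    nt = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    raw_base = 512
    wx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    if packed:
        # Packed layout: .text is empty on disk; random-looking code sits in a
        # writable+executable section that also holds the entry point.
        rng = random.Random(1)
        payload = bytes(rng.getrandbits(8) for _ in range(4096))
        secs = [(b".text", 0x1000, 0x1000, 0, 0, wx),
                (b"UPX1", 0x1000, 0x2000, len(payload), raw_base, wx)]
        entry = 0x2000
    else:
        payload = bytes(range(16)) * 256                            # low-entropy stand-in for plain code
        secs = [(b".text", 0x1000, 0x1000, len(payload), raw_base, IMAGE_SCN_MEM_EXECUTE),
                (b".data", 0x1000, 0x2000, 0x200, raw_base + len(payload), IMAGE_SCN_MEM_WRITE)]
        entry = 0x1000
    struct.pack_into("<I", opt, 16, entry)
    table = b"".join(name.ljust(8, b"\0") + struct.pack("<IIII", vs, va, rs, rp)
                     + bytes(12) + struct.pack("<I", ch)
                     for name, vs, va, rs, rp, ch in secs)
    header = bytes(dos) + nt + bytes(opt) + table
    return header.ljust(raw_base, b"\0") + payload + bytes(0x200)


if __name__ == "__main__":
    for label in ("plain", "packed"):
        print(label, packing_indicators(build_sample_pe(label == "packed")) or ["no indicators"])
```

The plain image yields no flags; the packed image is flagged on all four heuristics at once, which is the point: no single signal is conclusive (legitimate code sections can be dense, and some packers keep `.text` populated), so a classifier combines them, as the thesis does with X-means and an SVM over the feature vectors.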