Conference papers

SE-PAC: A Self-Evolving PAcker Classifier against rapid packers evolution

Lamine Noureddine 1 Annelie Heuser 2 Cassius Puodzius 1 Olivier Zendra 1
1 DiverSe - Diversity-centric Software Engineering
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : Packers are widespread tools used by malware authors to hinder static malware detection and analysis. Identifying the packer used to pack a malware sample is essential to properly unpack and analyze it, whether manually or automatically. While many well-known packers are in use, there is a growing trend towards new custom packers that make malware analysis and detection harder. Research has been very effective at identifying known packers or their variants, using signature-based, supervised machine learning or similarity-based techniques. However, identifying new packer classes remains an open problem. This paper presents a self-evolving packer classifier that provides an effective, incremental, and robust solution to cope with the rapid evolution of packers. We propose a composite pairwise distance metric combining different types of packer features. We derive an incremental clustering approach able to identify both (variants of) known packer classes and new ones, and to update clusters automatically and efficiently. Our system thus continuously enhances, integrates, adapts and evolves packer knowledge. Moreover, to optimize post-clustering packer processing costs, we introduce a new post-clustering strategy for selecting small subsets of relevant samples from the clusters. The effectiveness and time-resilience of our approach are assessed with: 1) a real-world malware feed dataset composed of 16k packed binaries, comprising 29 unique packers, and 2) a synthetic dataset composed of 19k manually crafted packed binaries, comprising 31 unique packers (including custom ones).
https://hal.inria.fr/hal-03149211
Contributor : Lamine Noureddine
Submitted on : Monday, February 22, 2021 - 7:37:26 PM
Last modification on : Friday, April 16, 2021 - 1:42:17 PM

File

SE-PAC.pdf
Files produced by the author(s)

Citation

Lamine Noureddine, Annelie Heuser, Cassius Puodzius, Olivier Zendra. SE-PAC: A Self-Evolving PAcker Classifier against rapid packers evolution. CODASPY '21 - 11th ACM Conference on Data and Application Security and Privacy, Apr 2021, Virtual Event, United States. pp.1-12, ⟨10.1145/3422337.3447848⟩. ⟨hal-03149211⟩
