DocumentCode :
3230818
Title :
SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers
Author :
Ugarte-Pedrero, Xabier ; Balzarotti, Davide ; Santos, Igor ; Bringas, Pablo G.
Author_Institution :
DeustoTe, Univ. of Deusto, Bilbao, Spain
fYear :
2015
fDate :
17-21 May 2015
Firstpage :
659
Lastpage :
673
Abstract :
Run-time packers are often used by malware writers to obfuscate their code and hinder static analysis. The packer problem has been widely studied, and several solutions have been proposed in order to generically unpack protected binaries. Nevertheless, these solutions commonly rely on a number of assumptions that may not necessarily reflect the reality of the packers used in the wild. Moreover, previous solutions fail to provide useful information about the structure of the packer or its complexity. In this paper, we describe a framework for packer analysis and we propose a taxonomy to measure the run-time complexity of packers. We evaluated our dynamic analysis system on two datasets, composed of both off-the-shelf packers and custom packed binaries. Based on the results of our experiments, we present several statistics about the packers' complexity and their evolution over time.
Keywords :
invasive software; SoK; code obfuscation; custom packed binaries; deep packer inspection; dynamic analysis system; malware-writers; off-the-shelf packers; packer analysis; packer problem; packer structure; run-time packers complexity; Complexity theory; Instruments; Malware; Memory management; Monitoring; Runtime; Taxonomy; custom packer; malware analysis; unpacking;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Security and Privacy (SP), 2015 IEEE Symposium on
Conference_Location :
San Jose, CA
ISSN :
1081-6011
Type :
conf
DOI :
10.1109/SP.2015.46
Filename :
7163053