Title :
Efficient Malware Packer Identification Using Support Vector Machines with Spectrum Kernel
Author :
Tao Ban; Ryoichi Isawa; Shanqing Guo; Daisuke Inoue; Kengo Nakao
Author_Institution :
Nat. Inst. of Inf. & Commun. Technol., Koganei, Japan
Abstract :
Packing is among the most popular obfuscation techniques used to impede anti-virus scanners from detecting malware. Efficient and automatic packer identification is therefore an essential first step in tackling ever increasing malware databases. In this paper we present a p-spectrum induced linear Support Vector Machine that implements automated packer identification with good accuracy and scalability. The efficacy and efficiency of the method are evaluated on a dataset of 3228 packed files created by 25 packers, and near-perfect identification results are reported. The method can help to improve the scanning efficiency of anti-virus products and to support efficient back-end malware research.
Keywords :
computer viruses; database management systems; support vector machines; SVM; antivirus products; automatic packer identification; back-end malware research; malware databases; malware packer identification; p-spectrum induced linear support vector machine; scanning efficiency improvement; spectrum kernel; Feature extraction; Kernel; Malware; Support vector machines; Testing; Training; Vectors; Malware analysis; p-spectrum kernel; packer identification; support vector machine;
Conference_Titel :
Information Security (Asia JCIS), 2013 Eighth Asia Joint Conference on
Conference_Location :
Seoul
DOI :
10.1109/ASIAJCIS.2013.18
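As an added worked example (not code from the paper or its authors), the following Python shows the p-spectrum feature map and kernel that the abstract refers to, and why a linear classifier on the explicit p-gram count vectors is the same thing as a kernel machine with the spectrum kernel. The packer stubs, the "packed" files, the choice p = 3, the class count and the rejection threshold are all constructed assumptions; a nearest-centroid rule in the induced feature space stands in for the paper's SVM solver, which is not on the page.

```python
"""p-spectrum features for packer identification (added example, not the paper's code).

Each file becomes a sparse vector of byte p-gram counts. The inner product of two
such vectors is the p-spectrum kernel, so a linear classifier on the explicit
vectors is equivalent to a kernel machine with that kernel, without ever building
an n x n kernel matrix. That is what makes the approach scale to large corpora.
"""
from collections import Counter
import math
import random

P = 3  # p-gram length; an assumption, the page does not state the value used


def spectrum_features(data: bytes, p: int = P) -> Counter:
    """Sparse count vector of every length-p byte substring in data."""
    return Counter(data[i:i + p] for i in range(len(data) - p + 1))


def spectrum_kernel(a: Counter, b: Counter) -> int:
    """p-spectrum kernel: inner product of two sparse count vectors."""
    if len(a) > len(b):
        a, b = b, a  # iterate over the smaller vector
    return sum(cnt * b.get(gram, 0) for gram, cnt in a.items())


def cosine(a: Counter, b: Counter) -> float:
    """Normalised kernel, so file length does not dominate the score."""
    denom = math.sqrt(spectrum_kernel(a, a) * spectrum_kernel(b, b))
    return spectrum_kernel(a, b) / denom if denom else 0.0


def train(samples):
    """samples: iterable of (label, bytes). One summed count vector per label."""
    model = {}
    for label, data in samples:
        model.setdefault(label, Counter()).update(spectrum_features(data))
    return model


def classify(model, data: bytes, threshold: float = 0.1):
    """Return (label, score); 'unknown' when no known packer is close enough.

    The rejection threshold matters in practice: a custom or modified packer that
    was never in the training set should not be silently mapped to the nearest
    known one.
    """
    x = spectrum_features(data)
    label, score = max(((lbl, cosine(x, c)) for lbl, c in model.items()),
                       key=lambda t: t[1])
    return (label, score) if score >= threshold else ("unknown", score)


# --- constructed data: hypothetical unpacking stubs followed by high-entropy payload ---
STUB_LEN, PAYLOAD_LEN = 64, 256
PACKERS = ["packerA", "packerB", "packerC", "packerD"]  # hypothetical names


def fake_stub(name: str) -> bytes:
    """Distinct, repeatable 64-byte 'stub' per packer (not a real packer signature)."""
    rng = random.Random(name)
    return bytes(rng.getrandbits(8) for _ in range(STUB_LEN))


def fake_packed_file(name: str, seed: int) -> bytes:
    """Stub plus pseudo-random payload, mimicking compressed/encrypted sections."""
    rng = random.Random(f"{name}:{seed}")
    payload = bytes(rng.getrandbits(8) for _ in range(PAYLOAD_LEN))
    return fake_stub(name) + payload


def build_model(train_per_packer: int = 5):
    return train((n, fake_packed_file(n, i)) for n in PACKERS for i in range(train_per_packer))


def accuracy(model, test_per_packer: int = 2) -> float:
    tests = [(n, fake_packed_file(n, 100 + i)) for n in PACKERS for i in range(test_per_packer)]
    return sum(classify(model, d)[0] == n for n, d in tests) / len(tests)


if __name__ == "__main__":
    m = build_model()
    print("held-out accuracy:", accuracy(m))
    print("unseen packer ->", classify(m, fake_packed_file("custom-packer", 7)))
```

The sparse `Counter` representation keeps memory proportional to the distinct p-grams actually seen rather than 256^p; for larger p or very large corpora the usual next step is the hashing trick (bucket each p-gram by a fixed hash), at the cost of occasional collisions. Counting only over the region around the entry point rather than the whole file is another common refinement, since that is where a packer's stub lives.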