DocumentCode :
3561542
Title :
Two techniques for detecting packed portable executable files
Author :
Saeed, Muhammad Umair ; Lindskog, Dale ; Zavarsky, Pavol ; Ruhl, Ron
Author_Institution :
Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
fYear :
2013
Firstpage :
22
Lastpage :
26
Abstract :
Various techniques have been recently proposed to evade static detection of packed portable executable files. In this paper, two such evasion techniques are examined, their limitations are illustrated, and we describe two methods of detection which overcome these evasion techniques. We argue that these methods of detection are not easily evaded.
Keywords :
data encapsulation; file organisation; evasion techniques; import address table; original entry point; static packed portable executable file detection techniques; detection; evasion; import address table; original entry point; packed portable executable;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Society (i-Society), 2013 International Conference on
Type :
conf
Filename :
6636333