DocumentCode
567176
Title
The study of evasion of packed PE from static detection
Author
Baig, Mirza ; Zavarsky, Pavol ; Ruhl, Ron ; Lindskog, Dale
Author_Institution
Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
fYear
2012
fDate
10-12 June 2012
Firstpage
99
Lastpage
104
Abstract
Static detection of packed portable executables (PEs) relies primarily on structural properties of the packed PE, and also on anomalies in the packed PE caused by packing tools. This paper outlines weaknesses in this method of detection. We show that these structural properties and anomalies are contingent features of the executable, and can be more or less easily modified to evade static detection.
Keywords
invasive software; malware; packed portable executable; packing tool; static detection; structural property; Entropy; IEEE Xplore; Internet; Malware; Permission; Standards; entropy; import address table; obfuscation; static detection;
fLanguage
English
Publisher
ieee
Conference_Titel
Internet Security (WorldCIS), 2012 World Congress on
Conference_Location
Guelph, ON
Print_ISBN
978-1-4673-1108-3
Type
conf
Filename
6280206
Link To Document