Packed PE file detection for malware forensics

Seungwon Han, Keungi Lee, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Citations (Scopus)

Abstract

In malware accident investigation, the most important thing is detection of malicious code. Signature based anti-virus software have been used in most of the accident. Malware can easily avoid signature based detection by using packing or encryption method. Because of this, packed file detection is also important. Detection methods can be divided into signature based detection and entropy based detection. Signature based detection can not detect new packing. And entropy based detection has a problem with false positive. We provides detection method using entropy statistics of the entry point section and 'write' properties of essential characteristic of packed file. And then, we show packing detection tool and evaluate its performance.

Original languageEnglish
Title of host publicationProceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009
DOIs
Publication statusPublished - 2009
Event2009 2nd International Conference on Computer Science and Its Applications, CSA 2009 - Jeju Island, Korea, Republic of
Duration: 2009 Dec 102009 Dec 12

Publication series

NameProceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009

Other

Other2009 2nd International Conference on Computer Science and Its Applications, CSA 2009
CountryKorea, Republic of
CityJeju Island
Period09/12/1009/12/12

Keywords

  • Component
  • Entropy
  • Malware forensics
  • PE file analysis
  • Packing detection

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications

Fingerprint Dive into the research topics of 'Packed PE file detection for malware forensics'. Together they form a unique fingerprint.

  • Cite this

    Han, S., Lee, K., & Lee, S. (2009). Packed PE file detection for malware forensics. In Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009 [5404211] (Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009). https://doi.org/10.1109/CSA.2009.5404211