Efficient Malware Packer Identification Using Support Vector Machines with Spectrum Kernel

Published: 01 Jan 2013, Last Modified: 07 May 2025 | AsiaJCIS 2013 | CC BY-SA 4.0
Abstract: Packing is among the most popular obfuscation techniques used to impede anti-virus scanners from successfully detecting malware. Efficient and automatic packer identification is an essential step in tackling ever-increasing malware databases. In this paper we present a p-spectrum-induced linear Support Vector Machine that implements automated packer identification with good accuracy and scalability. The efficacy and efficiency of the method are evaluated on a dataset of 3228 packed files created by 25 packers, with near-perfect identification results reported. This method can help improve the scanning efficiency of anti-virus products and ease efficient back-end malware research.
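As an added illustration of the approach the abstract describes (this is not code from the paper), the following shows the explicit p-spectrum feature map over raw bytes, the kernel it induces, and a linear SVM trained over those features with the Pegasos sub-gradient method, which is what lets the classifier scale linearly in the number of files instead of needing a kernel matrix. The "packer" stubs and padding bytes are constructed placeholders, not real packer signatures.

```python
from collections import Counter
from typing import Dict, List

def p_spectrum(data: bytes, p: int) -> Dict[bytes, int]:
    """Explicit p-spectrum feature map Phi_p: count every length-p byte substring."""
    return dict(Counter(data[i:i + p] for i in range(len(data) - p + 1)))

def spectrum_kernel(x: bytes, y: bytes, p: int) -> int:
    """K_p(x, y) = <Phi_p(x), Phi_p(y)>: shared p-grams weighted by multiplicity."""
    fx, fy = p_spectrum(x, p), p_spectrum(y, p)
    return sum(c * fy[g] for g, c in fx.items() if g in fy)

def train_linear_svm(samples: List[bytes], labels: List[int], p: int,
                     lam: float = 0.01, epochs: int = 20) -> Dict[bytes, float]:
    """Pegasos solver for a linear SVM on explicit p-spectrum features (labels in {+1,-1}).
    Working on the explicit map means no kernel matrix: cost grows linearly with corpus size."""
    feats = [p_spectrum(s, p) for s in samples]
    w: Dict[bytes, float] = {}
    t = 0
    for _ in range(epochs):
        for x, y in zip(feats, labels):          # deterministic pass order
            t += 1
            eta = 1.0 / (lam * t)
            margin = y * sum(w.get(g, 0.0) * c for g, c in x.items())
            for g in w:                          # regularisation shrink of every weight
                w[g] *= 1.0 - eta * lam
            if margin < 1:                       # hinge-loss violation: step toward y*x
                for g, c in x.items():
                    w[g] = w.get(g, 0.0) + eta * y * c
    return w

def predict(w: Dict[bytes, float], data: bytes, p: int) -> int:
    score = sum(w.get(g, 0.0) * c for g, c in p_spectrum(data, p).items())
    return 1 if score >= 0 else -1

# Constructed stand-ins for two packers (not real signatures): an "MZ" header,
# a packer-specific stub, then a packer-specific padding byte repeated n times.
def fake_packed(stub: bytes, pad: bytes, n: int) -> bytes:
    return b"MZ" + stub + pad * n

STUB_A, PAD_A = b"PackerAlpha", b"\xaa"
STUB_B, PAD_B = b"ZipperBeta", b"\xbb"

def demo(p: int = 3) -> List[int]:
    """Train on six constructed files, then label two held-out files; returns [1, -1]."""
    train = [fake_packed(STUB_A, PAD_A, n) for n in (4, 8, 16)] + \
            [fake_packed(STUB_B, PAD_B, n) for n in (4, 8, 16)]
    labels = [1, 1, 1, -1, -1, -1]
    w = train_linear_svm(train, labels, p)
    held_out = [fake_packed(STUB_A, PAD_A, 12), fake_packed(STUB_B, PAD_B, 12)]
    return [predict(w, f, p) for f in held_out]
```

On a real corpus the byte sequences would be the packed files' sections or entry-point regions, and the two-class Pegasos loop would be run one-versus-rest per packer.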