Assessing the impact of packing on static machine learning-based malware detection and classification systems

The proliferation of malware, particularly through the use of packing, presents a significant challenge to static analysis and signature-based malware detection techniques. Applying packing to the original executable code renders extracting meaningful features and signatures challenging. To deal wit...

ver descrição completa

Detalhes bibliográficos
Autores: Gibert, Daniel, Totosis, Nikolaos, Patsakis, Constantinos, Le, Quan, Zizzo, Giulio
Formato: artículo
Estado:Versión publicada
Fecha de publicación:2025
País:España
Recursos:Consejo Superior de Investigaciones Científicas (CSIC)
Repositorio:DIGITAL.CSIC. Repositorio Institucional del CSIC
OAI Identifier:oai:digital.csic.es:10261/392194
Acesso em linha:http://hdl.handle.net/10261/392194
https://api.elsevier.com/content/abstract/scopus_id/105004726845
Access Level:acceso abierto
Palavra-chave:Deep learning
Machine learning
Malware
Malware classification
Malware detection
Packers
Visualization
Descrição
Resumo:The proliferation of malware, particularly through the use of packing, presents a significant challenge to static analysis and signature-based malware detection techniques. Applying packing to the original executable code renders extracting meaningful features and signatures challenging. To deal with the increasing amount of malware in the wild, researchers and anti-malware companies started harnessing machine learning capabilities with very promising results. However, little is known about the effects of packing on static machine learning-based malware detection and classification systems. This work addresses this gap by investigating the impact of packing on the performance of static machine learning-based models used for malware detection and classification, with a particular focus on those using visualization techniques. To this end, we present a comprehensive analysis of various packing techniques and their effects on the performance of machine learning-based detectors and classifiers. Our findings highlight the limitations of current static detection and classification systems and underscore the need to be proactive to effectively counteract the evolving tactics of malware authors.