XGBoost based Packer Identification study using Entry point
Authors: Sejin Kim, Taejin Lee
Published in: Proceedings of the 2020 ACM International Conference on Intelligent Computing and its Emerging Applications
Publication date: 2020-12-12
DOI: 10.1145/3440943.3444358 (https://doi.org/10.1145/3440943.3444358)
With the development of IT technology, the number of new and variant malware is rapidly increasing. Malware developers make it difficult to analyze malware by applying techniques such as packing and obfuscation. In this paper, packing file detection and packer identification were tested using N bytes of data extracted from the entry point of the PE file as a feature. To verify the feature performance, the ensemble model XGBoost algorithm was used. As a result, the packing file was detected with an accuracy of 97.45% and the packer was identified with an accuracy of 98.41%. Through the experiment, it was confirmed that the feature extracted from the entry point is significant for the packing file detection and the packer detection.