MLxPack: Investigating the Effects of Packers on ML-based Malware Detection Systems Using Static and Dynamic Traits

Qirui Sun; Mohammed Abuhamad; Eldor Akbukhamidov; Eric Chan-Tin; Tamer Abuhmed

doi:10.1145/3494108.3522768

MLxPack: Investigating the Effects of Packers on ML-based Malware Detection Systems Using Static and Dynamic Traits

Qirui Sun, Mohammed Abuhamad, Eldor Akbukhamidov, Eric Chan-Tin, Tamer Abuhmed

Department of Computer Science

Sung Kyun Kwan University

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

Malware is one of the serious computer security threats. To protect computers from infection, accurate detection of malware is essential. At the same time, malware detection faces two main practical challenges: the speed of malware development and their distribution continues to increase with complex methods to evade detection (such as a metamorphic or polymorphic malware). This research utilizes various characterizing features extracted from each malware using static and dynamic analysis to build seven machine learning models to detect and analyze packed windows malware. We use a large-scale dataset of over 107,000 samples covering unpacked and packed malware using ten different packers. We examined the performance of seven machine learning techniques using 50 dynamic and static features. Our results show that packed malware can circumvent detection when a single analysis is performed while applying both static and dynamic methods can help improve the detection accuracy around 2% to 3%.

Original language	American English
Title of host publication	CySSS '22: Proceedings of the 1st Workshop on Cybersecurity and Social Sciences
DOIs	https://doi.org/10.1145/3494108.3522768
State	Published - May 2022

Keywords

software packing
malware detection
machine learning

Disciplines

Physical Sciences and Mathematics
Computer Sciences
Information Security

Access to Document

10.1145/3494108.3522768License: Unspecified

Cite this

@inbook{97f593b8c65d479c98f69ec874a33e16,

title = "MLxPack: Investigating the Effects of Packers on ML-based Malware Detection Systems Using Static and Dynamic Traits",

abstract = " Malware is one of the serious computer security threats. To protect computers from infection, accurate detection of malware is essential. At the same time, malware detection faces two main practical challenges: the speed of malware development and their distribution continues to increase with complex methods to evade detection (such as a metamorphic or polymorphic malware). This research utilizes various characterizing features extracted from each malware using static and dynamic analysis to build seven machine learning models to detect and analyze packed windows malware. We use a large-scale dataset of over 107,000 samples covering unpacked and packed malware using ten different packers. We examined the performance of seven machine learning techniques using 50 dynamic and static features. Our results show that packed malware can circumvent detection when a single analysis is performed while applying both static and dynamic methods can help improve the detection accuracy around 2% to 3%. ",

keywords = "software packing, malware detection, machine learning",

author = "Qirui Sun and Mohammed Abuhamad and Eldor Akbukhamidov and Eric Chan-Tin and Tamer Abuhmed",

note = "Malware is one of the serious computer security threats. To protect computers from infection, accurate detection of malware is essential. At the same time, malware detection faces two main practical challenges: the speed of malware development and their distribution continues to increase with complex methods to evade detection (such as a metamorphic or polymorphic malware).",

year = "2022",

month = may,

doi = "10.1145/3494108.3522768",

language = "American English",

booktitle = "CySSS '22: Proceedings of the 1st Workshop on Cybersecurity and Social Sciences",

}

TY - CHAP

T1 - MLxPack: Investigating the Effects of Packers on ML-based Malware Detection Systems Using Static and Dynamic Traits

AU - Sun, Qirui

AU - Abuhamad, Mohammed

AU - Akbukhamidov, Eldor

AU - Chan-Tin, Eric

AU - Abuhmed, Tamer

N1 - Malware is one of the serious computer security threats. To protect computers from infection, accurate detection of malware is essential. At the same time, malware detection faces two main practical challenges: the speed of malware development and their distribution continues to increase with complex methods to evade detection (such as a metamorphic or polymorphic malware).

PY - 2022/5

Y1 - 2022/5

N2 - Malware is one of the serious computer security threats. To protect computers from infection, accurate detection of malware is essential. At the same time, malware detection faces two main practical challenges: the speed of malware development and their distribution continues to increase with complex methods to evade detection (such as a metamorphic or polymorphic malware). This research utilizes various characterizing features extracted from each malware using static and dynamic analysis to build seven machine learning models to detect and analyze packed windows malware. We use a large-scale dataset of over 107,000 samples covering unpacked and packed malware using ten different packers. We examined the performance of seven machine learning techniques using 50 dynamic and static features. Our results show that packed malware can circumvent detection when a single analysis is performed while applying both static and dynamic methods can help improve the detection accuracy around 2% to 3%.

AB - Malware is one of the serious computer security threats. To protect computers from infection, accurate detection of malware is essential. At the same time, malware detection faces two main practical challenges: the speed of malware development and their distribution continues to increase with complex methods to evade detection (such as a metamorphic or polymorphic malware). This research utilizes various characterizing features extracted from each malware using static and dynamic analysis to build seven machine learning models to detect and analyze packed windows malware. We use a large-scale dataset of over 107,000 samples covering unpacked and packed malware using ten different packers. We examined the performance of seven machine learning techniques using 50 dynamic and static features. Our results show that packed malware can circumvent detection when a single analysis is performed while applying both static and dynamic methods can help improve the detection accuracy around 2% to 3%.

KW - software packing

KW - malware detection

KW - machine learning

UR - https://dl.acm.org/doi/10.1145/3494108.3522768

U2 - 10.1145/3494108.3522768

DO - 10.1145/3494108.3522768

M3 - Chapter

BT - CySSS '22: Proceedings of the 1st Workshop on Cybersecurity and Social Sciences

ER -

MLxPack: Investigating the Effects of Packers on ML-based Malware Detection Systems Using Static and Dynamic Traits

Abstract

Keywords

Disciplines

Access to Document

Other files and links

Cite this