The Automatic Identification of Malware Packers

Dr Iqbal Gondal (SoEITPS), Dr Peter Vamplew (SoEITPS)

A large proportion of commodity malware is packed, that is, encrypted or compressed in order to prevent identification. Packed malware contains an unpacking stub that is responsible for unpacking the malware into memory and starting its execution. Approximately 3000 packers have been identified; packers are used by legitimate software publishers to protect intellectual property as well as by criminal groups to hinder analysis. The packer(s) used by a criminal group is one of the variables that can be tracked in threat intelligence research and may prove useful in threat attribution. This project requires the creation of features that can be used to identify common malware packers, and the evaluation of the effectiveness of a variety of machine learning techniques at identifying the packer with which a malware sample has been packed.
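As an added illustration, not part of the project description, the following Python sketches the kind of static features such a classifier could be trained on: per-section byte entropy, where the entry point lives, import-table size and section naming. It operates on constructed byte blobs standing in for PE sections rather than a parsed binary, and the section names, thresholds and the `looks_packed` rule are assumptions for the example.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy bytes, imitating a compressed/encrypted payload."""
    blocks = (hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed samples (no real binaries involved). Section names are assumptions.
UNPACKED_SECTIONS = {
    ".text": b"\x55\x8b\xec\x83\xec\x10" * 700,  # repetitive, low-entropy "code"
    ".data": b"\x00" * 2000,
    ".rdata": b"kernel32.dll\x00" * 100,
}
PACKED_SECTIONS = {
    ".stub": b"\x00" * 1000,          # empty region the stub unpacks into
    ".pkd": pseudo_random(4000),      # compressed payload plus entry stub
    ".rsrc": b"\x00" * 500,
}
STANDARD_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc"}


def packer_features(sections, entry_section, import_count):
    """Flat feature dict over section-name -> bytes, ready for a classifier."""
    ent = {name: shannon_entropy(data) for name, data in sections.items()}
    return {
        "max_section_entropy": max(ent.values()),
        "entry_section_entropy": ent[entry_section],
        "entry_not_in_text": int(entry_section != ".text"),  # stub usually outside .text
        "high_entropy_sections": sum(e > 7.0 for e in ent.values()),
        "import_count": import_count,  # packers tend to leave a tiny import table
        "nonstandard_section_names": sum(n not in STANDARD_NAMES for n in sections),
    }


def looks_packed(feats) -> bool:
    """Coarse threshold rule; a trained model would replace this in the project."""
    return feats["entry_section_entropy"] > 7.0 and feats["import_count"] < 10
```

These features only flag that something is packed; distinguishing which packer is the classification task the project describes, using the same kind of feature vector with packer labels.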