Assessing the impact of packing on static machine learning-based malware detection and classification systems

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-05-06 DOI:10.1016/j.cose.2025.104495

Daniel Gibert , Nikolaos Totosis , Constantinos Patsakis , Quan Le , Giulio Zizzo

{"title":"Assessing the impact of packing on static machine learning-based malware detection and classification systems","authors":"Daniel Gibert , Nikolaos Totosis , Constantinos Patsakis , Quan Le , Giulio Zizzo","doi":"10.1016/j.cose.2025.104495","DOIUrl":null,"url":null,"abstract":"<div><div>The proliferation of malware, particularly through the use of packing, presents a significant challenge to static analysis and signature-based malware detection techniques. Applying packing to the original executable code renders extracting meaningful features and signatures challenging. To deal with the increasing amount of malware in the wild, researchers and anti-malware companies started harnessing machine learning capabilities with very promising results. However, little is known about the effects of packing on static machine learning-based malware detection and classification systems. This work addresses this gap by investigating the impact of packing on the performance of static machine learning-based models used for malware detection and classification, with a particular focus on those using visualization techniques. To this end, we present a comprehensive analysis of various packing techniques and their effects on the performance of machine learning-based detectors and classifiers. Our findings highlight the limitations of current static detection and classification systems and underscore the need to be proactive to effectively counteract the evolving tactics of malware authors.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"156 ","pages":"Article 104495"},"PeriodicalIF":4.8000,"publicationDate":"2025-05-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016740482500183X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The proliferation of malware, particularly through the use of packing, presents a significant challenge to static analysis and signature-based malware detection techniques. Applying packing to the original executable code renders extracting meaningful features and signatures challenging. To deal with the increasing amount of malware in the wild, researchers and anti-malware companies started harnessing machine learning capabilities with very promising results. However, little is known about the effects of packing on static machine learning-based malware detection and classification systems. This work addresses this gap by investigating the impact of packing on the performance of static machine learning-based models used for malware detection and classification, with a particular focus on those using visualization techniques. To this end, we present a comprehensive analysis of various packing techniques and their effects on the performance of machine learning-based detectors and classifiers. Our findings highlight the limitations of current static detection and classification systems and underscore the need to be proactive to effectively counteract the evolving tactics of malware authors.

查看原文本刊更多论文

评估打包对基于静态机器学习的恶意软件检测和分类系统的影响

恶意软件的扩散，特别是通过使用打包，对静态分析和基于签名的恶意软件检测技术提出了重大挑战。将打包应用于原始可执行代码使得提取有意义的特性和签名变得困难。为了应对日益增多的恶意软件，研究人员和反恶意软件公司开始利用机器学习功能，并取得了非常有希望的结果。然而，关于打包对基于静态机器学习的恶意软件检测和分类系统的影响知之甚少。这项工作通过研究打包对用于恶意软件检测和分类的静态机器学习模型性能的影响来解决这一差距，特别关注那些使用可视化技术的模型。为此，我们全面分析了各种包装技术及其对基于机器学习的检测器和分类器性能的影响。我们的研究结果强调了当前静态检测和分类系统的局限性，并强调了积极主动有效地对抗恶意软件作者不断发展的策略的必要性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.