Title: Detection of packer based obfuscated executables
Author: Burgess, Colin James
ISNI:       0000 0004 5369 320X
Awarding Body: Queen's University Belfast
Current Institution: Queen's University Belfast
Date of Award: 2014
Availability of Full Text:
Full text unavailable from EThOS. Please contact the current institution’s library for further details.
Abstract: The landscape of cyber security has changed over the past decade from one of disruption and destruction of data to one of espionage and stealth attacks. The current approach is for malware to disguise itself as a non-threatening piece of code in order to bypass detection. The predominant obfuscation technique is that of packing. Using this approach, malicious files encrypt and compress the malevolent code and store it within the contents of another executable whose sole purpose is to decrypt and execute the code. Utilising this approach removes any malware signatures or signs of nefarious intent, as the code is now scrambled. A large number of packers are available online for use or customisation, which helps to explain why the vast majority of malware found in the wild is discovered in packed form.

The research in this thesis addresses the issue of uncovering those executable files which are packed. Being able to detect a packed executable file is a strong indicator that it is potentially a piece of malware. The approaches examined in this thesis utilise static analysis techniques to inspect the contents of a suspicious file so it can be classified as packed or non-packed. Utilising this approach does not require the file to be executed at any stage and therefore minimises the computational overheads associated with doing so, as well as reducing the risk of an infection caused by a running instance of malware. The use of entropy scoring as a metric for classification is examined and extended upon to produce new detection methodologies. This work also utilises steganalysis techniques to aid in the detection of packed executables with an impressive outcome. The research has contributed new effective methods for malware detection while significantly reducing the complexity and cost for detection.
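The entropy-scoring idea the abstract refers to, as an added illustration that is not part of the thesis or the EThOS record: compressed or encrypted payload sections approach 8 bits of Shannon entropy per byte, while ordinary code and data sit well below that. The 7.0 threshold, the minimum section size and the section name-to-bytes mapping are assumptions for the example; real use would obtain the sections from a PE parser.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

# Assumed threshold: the abstract names no value. Compressed or encrypted data
# approaches 8 bits/byte; ordinary machine code and text sit well below this.
PACKED_THRESHOLD = 7.0
# Very short sections give unreliable entropy estimates, so they are not scored.
MIN_SECTION_SIZE = 256

def score_sections(sections: dict) -> dict:
    """Map each section name to its entropy, skipping sections too small to judge."""
    return {name: shannon_entropy(body)
            for name, body in sections.items() if len(body) >= MIN_SECTION_SIZE}

def classify(sections: dict, threshold: float = PACKED_THRESHOLD) -> str:
    """Flag the file as 'packed' if any scorable section looks near-random."""
    scores = score_sections(sections)
    return "packed" if any(e >= threshold for e in scores.values()) else "non-packed"

# Constructed sample inputs (not real binaries). A PE parser such as `pefile`
# would normally supply the section name -> bytes mapping; it is omitted here.
PLAIN_CODE = b"push ebp; mov ebp, esp; sub esp, 0x40; call 0x401000; leave; ret; " * 64
UNPACKED_SAMPLE = {".text": PLAIN_CODE, ".data": bytes(4096), ".rsrc": b"VERSIONINFO " * 200}
# Seeded random bytes stand in for the encrypted/compressed payload carried by a packer stub.
PACKED_SAMPLE = {".text": PLAIN_CODE[:1024], "UPX1": random.Random(2014).randbytes(4096)}

if __name__ == "__main__":
    for label, sample in (("unpacked", UNPACKED_SAMPLE), ("packed", PACKED_SAMPLE)):
        for name, e in score_sections(sample).items():
            print(f"{label:9} {name:6} entropy={e:.3f}")
        print(f"{label:9} verdict: {classify(sample)}")
```

Entropy alone is a heuristic: legitimately compressed resources or embedded media also score high, which is why the thesis treats it as one metric to extend rather than a verdict on its own.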
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID:
DOI: Not available