Title: Application of String Kernel based Support Vector Machine for Malware Packer Identification
Authors: Ban, Tao; Isawa, Ryoichi; Guo, Shanqing; Inoue, Daisuke; Nakao, Koji
Author affiliations: [Ban, Tao; Isawa, Ryoichi; Inoue, Daisuke; Nakao, Koji] Natl Inst Informat & Commun Technol, Tokyo, Japan.; [Guo, Shanqing] Shandong Univ, Jinan 250
Conference: International Joint Conference on Neural Networks (IJCNN)
Conference dates: AUG 04-09, 2013
Source: 2013 INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS (IJCNN)
Abstract: Packing is among the most popular obfuscation techniques used to impede anti-virus scanners from successfully detecting malware. In this paper we propose a string-kernel-based support vector machine classifier to identify the packer that was used to create a given malware program. Our approach has the following characteristics. First, the adoption of a string-kernel-based method bridges the gap between signature-based and machine-learning-based approaches. Second, the kernel function derived from the Levenshtein distance integrates important domain knowledge into the learning process. Third, the application of a support vector machine, a state-of-the-art classifier, enables an automated packer identification scheme with high generalization ability and time efficiency. Finally, selection of the code segment carrying the most essential packer-relevant information further boosts the classification performance. Experiments on a dataset of 3228 binary programs composed of packed files created by 25 packers show that the proposed approach outperforms PEiD and previous machine-learning-based approaches in prediction accuracy by a large margin. This method can help to improve the scanning efficiency of anti-virus products and promote efficient back-end malware research.
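The abstract describes a kernel built from the Levenshtein distance between code segments and a kernel classifier trained on it. The following Python block is an added example, not code from the paper or its authors: it computes the Levenshtein distance between byte strings, turns it into a kernel with the assumed form k(x, y) = exp(-d(x, y) / sigma) (the paper's exact kernel expression is not given in the abstract), builds the Gram matrix, and classifies a query window with a kernel class-mean score, used here as a stand-in for the SVM so the block runs without scikit-learn. The packer names and byte strings are constructed placeholders standing in for the extracted entry-point code segments, not real packer stubs.

```python
"""Levenshtein-distance string kernel for packer identification (illustrative)."""
import math

# Constructed training samples: (label, entry-point code window).  The labels
# and bytes are made up for this example; they are not real packer signatures.
TRAINING_SET = [
    ("packerA", bytes.fromhex("60be001040008dbe0000c0ff5783cdffeb10")),
    ("packerA", bytes.fromhex("60be002040008dbe0000d0ff5783cdffeb10")),
    ("packerB", bytes.fromhex("558bec83c4f4b800000000e8000000005d")),
    ("packerB", bytes.fromhex("558bec83c4f0b800000000e8000000005d")),
    ("packerC", bytes.fromhex("e8000000005b81eb0510000089dd8b1d")),
    ("packerC", bytes.fromhex("e8000000005b81eb0610000089dd8b1d")),
]

# Constructed query: the first packerA window with its last byte changed.
QUERY = bytes.fromhex("60be001040008dbe0000c0ff5783cdffeb20")


def levenshtein(a: bytes, b: bytes) -> int:
    """Edit distance between two byte strings (two-row dynamic programme)."""
    if len(a) < len(b):
        a, b = b, a                      # keep the shorter string as `b`
    prev = list(range(len(b) + 1))       # cost of turning "" into b[:j]
    for i, ca in enumerate(a, 1):
        cur = [i]                        # cost of turning a[:i] into ""
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # delete ca
                           cur[j - 1] + 1,           # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute / match
        prev = cur
    return prev[-1]


def string_kernel(a: bytes, b: bytes, sigma: float) -> float:
    """Assumed kernel form: similarity decays exponentially with edit distance."""
    return math.exp(-levenshtein(a, b) / sigma)


def kernel_matrix(samples: list, sigma: float) -> list:
    """Gram matrix K[i][j] = k(x_i, x_j); symmetric, ones on the diagonal."""
    n = len(samples)
    K = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i, n):
            K[i][j] = K[j][i] = string_kernel(samples[i], samples[j], sigma)
    return K


def class_scores(training: list, x: bytes, sigma: float) -> dict:
    """Mean kernel value between x and each class's training windows."""
    totals, counts = {}, {}
    for label, window in training:
        totals[label] = totals.get(label, 0.0) + string_kernel(x, window, sigma)
        counts[label] = counts.get(label, 0) + 1
    return {label: totals[label] / counts[label] for label in totals}


def classify(training: list, x: bytes, sigma: float) -> str:
    """Predict the packer whose windows are, on average, closest in kernel space."""
    scores = class_scores(training, x, sigma)
    return max(scores, key=scores.get)


if __name__ == "__main__":
    windows = [w for _, w in TRAINING_SET]
    K = kernel_matrix(windows, sigma=8.0)
    for row in K:
        print(" ".join(f"{v:.2f}" for v in row))
    print("query classified as:", classify(TRAINING_SET, QUERY, sigma=8.0))
```

The bandwidth `sigma` controls how quickly similarity drops with each edit; in practice it is tuned by cross-validation, and `kernel_matrix` is the object that would be handed to an SVM with a precomputed kernel.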