All-in-One Framework for Detection, Unpacking, and Verification for Malware Analysis

<table class="table-group" id="tab1"><tr><td><table class="table"><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr class="thead"><td class="align_left">Observation</td><td class="align_center">Explanation</td><td class="align_center">Solution</td></tr><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr><td class="align_left">No phase integration</td><td class="align_center">Unpacking-related three phases are separately developed</td><td class="align_center">Adopt an all-in-one approach integrating all three phases</td></tr><tr><td class="align_left" colspan="3"><hr/></td></tr><tr><td class="align_left">No detection combination</td><td class="align_center">There is no attempt to combine various existing methods for packing detection</td><td class="align_center">Combine four packing detection methods to improve detection accuracy</td></tr><tr><td class="align_left" colspan="3"><hr/></td></tr><tr><td class="align_left">No real-restoration</td><td class="align_center">Main goal is to find OEP</td><td class="align_center">Restore unpacked files by performing actual unpacking as well as finding OEP</td></tr><tr><td class="align_left" colspan="3"><hr/></td></tr><tr><td class="align_left">No unpacking verification</td><td class="align_center">There is no quantitative way to verify the restoration accuracy</td><td class="align_center">Present a verification algorithm to evaluate the accuracy of unpacking results</td></tr><tr class="table-tr"><td colspan="3"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>Observations and solutions for the proposed all-in-one unpacking system.</div>

Security and Communication Networks

tab1

Table 1

Table 1: All-in-One Framework for Detection, Unpacking, and Verification for Malware Analysis 