All-in-One Framework for Detection, Unpacking, and Verification for Malware Analysis

<table class="table-group" id="tab3"><tr><td><table class="table"><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr class="thead"><td class="align_left">Analytical phase</td><td class="align_center">Techniques used or proposed</td></tr><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr><td class="align_left" rowspan="4">Detection</td><td class="align_center">(i) EP Section test to be proposed in Section <a href="https://static.hindawi.com/articles/scn/volume-2019/5278137/figures/#sec4.1" target="_blank">4.1</a></td></tr><tr><td class="align_center">(ii) Signature test [<a href="/journals/scn/2019/5278137/#B23" target="_blank">23</a>]</td></tr><tr><td class="align_center">(iii) WRITE attribute test [<a href="/journals/scn/2019/5278137/#B16" target="_blank">16</a>]</td></tr><tr><td class="align_center">(iv) Entropy test [<a href="/journals/scn/2019/5278137/#B17" target="_blank">17</a>]</td></tr><tr><td class="align_left" colspan="2"><hr/></td></tr><tr><td class="align_left" rowspan="2">Unpacking</td><td class="align_center">(i) Static—library-based unpacking [<a href="/journals/scn/2019/5278137/#B33" target="_blank">33</a>]</td></tr><tr><td class="align_center">(ii) Dynamic—entropy change-based unpacking [<a href="/journals/scn/2019/5278137/#B14" target="_blank">14</a>, <a href="/journals/scn/2019/5278137/#B27" target="_blank">27</a>]</td></tr><tr><td class="align_left" colspan="2"><hr/></td></tr><tr><td class="align_left">Verification</td><td class="align_center">Verification algorithm to be proposed in Section <a href="https://static.hindawi.com/articles/scn/volume-2019/5278137/figures/#sec4.3" target="_blank">4.3</a></td></tr><tr class="table-tr"><td colspan="2"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>Existing or proposed techniques used in each phase of the all-in-one unpacking system.</div>

Security and Communication Networks

tab3

Table 3

Table 3: All-in-One Framework for Detection, Unpacking, and Verification for Malware Analysis 