Assessing static and dynamic features for packing detection
Packing is a widely used obfuscation technique that lets malware evade detection tools and hinder reverse engineering. Existing research already covers methods to detect packing using both static and dynamic analysis. These methods rely on various features: headers, entropy, API calls, section permissions, and so on. While dynamic features are generally more informative, how much they add over static features is not always clear. This paper compares the impact of these static and dynamic features on different machine learning classifiers. We propose a study on different datasets to determine whether the information provided by dynamic analysis outweighs its significant extraction time.
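As an added illustration, not code from the paper, the following extracts two of the static feature families the abstract names (section entropy and section permissions) from constructed IMAGE_SECTION_HEADER records; the packing thresholds in `looks_packed` are assumed for illustration and are not the paper's classifiers.

```python
import math
import struct
from collections import Counter

# IMAGE_SECTION_HEADER characteristics flags (values from the PE/COFF specification).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"  # 40-byte IMAGE_SECTION_HEADER layout

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted (packed) data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def make_section(name: bytes, raw: bytes, vsize: int, flags: int):
    """Constructed sample: one section header (packed with struct) plus its raw bytes."""
    hdr = struct.pack(SECTION_HDR, name.ljust(8, b"\0"), vsize, 0, len(raw), 0, 0, 0, 0, 0, flags)
    return hdr, raw

def static_features(sections) -> dict:
    """Static indicators from section headers: entropy, W+X permissions, empty raw sections."""
    feats = {"max_entropy": 0.0, "wx_sections": 0, "empty_raw_sections": 0}
    for hdr, raw in sections:
        _name, vsize, _va, rawsize, *_, flags = struct.unpack(SECTION_HDR, hdr)
        feats["max_entropy"] = max(feats["max_entropy"], shannon_entropy(raw))
        if flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE:
            feats["wx_sections"] += 1
        if rawsize == 0 and vsize > 0:  # space reserved for unpacked code, typical of packers
            feats["empty_raw_sections"] += 1
    return feats

def looks_packed(feats: dict) -> bool:
    """Illustrative heuristic thresholds (assumed here), not the paper's classifier."""
    return feats["max_entropy"] >= 7.0 or (feats["wx_sections"] > 0 and feats["empty_raw_sections"] > 0)

def sample_unpacked():
    """Constructed: low-entropy code plus zeroed data, conventional permissions."""
    return [make_section(b".text", b"\x48\x89\xe5\xc3" * 64, 256, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
            make_section(b".data", b"\x00" * 128, 128, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)]

def sample_packed():
    """Constructed UPX-style layout: an empty W+X section to unpack into, plus a high-entropy payload."""
    wx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    return [make_section(b"UPX0", b"", 0x10000, wx),
            make_section(b"UPX1", bytes(range(256)) * 4, 0x2000, wx)]

if __name__ == "__main__":
    for label, s in (("unpacked", sample_unpacked()), ("packed", sample_packed())):
        print(label, static_features(s), looks_packed(static_features(s)))
```

Dynamic features such as API call traces have no counterpart here; gathering them requires executing the sample, which is the extraction cost the abstract weighs against this kind of cheap static feature.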
Author(s) not members of CyberExcellence
Dimitri Wauters