ZENODO
Software . 2023
License: CC BY
Data sources: ZENODO
PackGenome: Automatically Generating Robust YARA Rules for Accurate Malware Packer Detection

Authors: Li, Shijia; Ming, Jiang; Qiu, Pengda; Chen, Qiyuan; Liu, Lanqing; Bao, Huaifeng; Wang, Qiang; +1 Authors

Abstract

In our paper, we developed PackGenome to generate YARA rules for accurate packer detection, and compared PackGenome-generated rules with publicly available packer signature collections and state-of-the-art automatic rule generation tools. Our artifact provides the source code, the PackGenome-generated YARA rules, and the datasets used in our experiments. Because our paper's datasets contain real-world Windows (and Linux) malware samples that take over 1 TB of disk space, we provide non-malicious samples in this artifact. In the evaluation, AE reviewers can reproduce three main experiment results of the paper: (i) using PackGenome to generate YARA rules from 20 off-the-shelf packers, (ii) comparing PackGenome-generated rules with other rules on the labeled packed samples dataset LPD and the non-packed samples dataset NPD (shown in Table 2 and Table 3 of the paper), and (iii) using PackGenome to generate YARA rules from 5 inaccessible packers and comparing PackGenome-generated rules with other rules on the inaccessible packer dataset LPD1 (shown in Table 6 of the paper). packgenome.tar is a pre-built Docker image with the necessary components to execute the artifact. PackGenome-code.zip contains the source code of PackGenome.
