Skip to Main Content

IEEE.org| IEEE Xplore Digital Library| IEEE Standards| IEEE Spectrum| More Sites

Cart (Loading....) | Create Account | Sign In

Author Search^beta | Advanced Search | Preferences | | More Search Options

Browse Conference Publications > Computer Science and its Appl ...

PE File Header Analysis-Based Packed PE File Detection Technique (PHAD)

Full Text Sign-In or Purchase

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Username

Password

Purchase PDF
Other Formats

Formats	Non-Member	Member
PDF	$31	$13

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

Already Purchased? View Article
Subscription Options Learn More

4 Author(s)

Yang-Seo Choi ; Ik-kyun Kim ; Jin-Tae Oh ; Jae-Cheol Ryou

In order to conceal malware, malware authors use the packing and encryption techniques. If the malware is packed or encrypted, then it is very difficult to analyze. Therefore, to prevent the harmful effects of malware and to generate signatures for malware detection, the packed and encrypted executable codes must initially be unpacked. The first step of unpacking is to detect the packed executable files. In this paper, a packed file detection technique (PHAD) based on a PE header analysis is proposed. In many cases, to pack and unpack the executable codes, PE files have unusual attributes in their PE headers. In this paper, these characteristics are utilized to detect the packed files. a characteristic vector (CV) that consists of eight elements is defined, and the Euclidean distance (ED) of the CV is calculated. The EDs of the packed files are calculated and represent the base threshold for the detection of packed files.

Published in:
Computer Science and its Applications, 2008. CSA '08. International Symposium on

Date of Conference: 13-15 Oct. 2008

Page(s):: 28 - 31
Print ISBN:: 978-0-7695-3428-2
INSPEC Accession Number:: 10369839

Conference Location :: Hobart, ACT
Digital Object Identifier :: 10.1109/CSA.2008.28
Product Type:: Conference Publications

Author(s)

Yang-Seo Choi
Ik-kyun Kim ; Jin-Tae Oh ; Jae-Cheol Ryou

INSPEC: CONTROLLED INDEXING

cryptography

invasive software

INSPEC: NON CONTROLLED INDEXING

Euclidean distance

PE file header analysis

characteristic vector

encryption techniques

malware detection

packed PE file detection technique

packing techniques

AUTHOR KEYWORDS

PE header

Pack

detector

IEEE TERMS

Application software

Computer hacking

Computer science

Cryptography

Entropy

Euclidean distance

Frequency

Information security

Scalability

Referenced Items are not available for this document.

No versions found for this document.

Standards Dictionary Terms are available to subscribers only.

| Create Account

IEEE Account

Purchase Details

Profile Information

Need Help?

US & Canada: +1 800 678 4333
Worldwide: +1 732 981 0060
Contact & Support

IEEE Advancing Technology for Humanity

About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.