{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,6]],"date-time":"2025-06-06T08:49:57Z","timestamp":1749199797310,"version":"3.40.3"},"publisher-location":"Cham","reference-count":53,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031738869"},{"type":"electronic","value":"9783031738876"}],"license":[{"start":{"date-parts":[[2024,10,23]],"date-time":"2024-10-23T00:00:00Z","timestamp":1729641600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,23]],"date-time":"2024-10-23T00:00:00Z","timestamp":1729641600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-73887-6_12","type":"book-chapter","created":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T23:02:38Z","timestamp":1729638158000},"page":"146-166","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Assessing Static and Dynamic Features for Packing Detection"],"prefix":"10.1007","author":[{"given":"Charles-Henry Bertrand","family":"Van 
Ouytsel","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Axel","family":"Legay","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Serena","family":"Lucca","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dimitri","family":"Wauters","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,10,23]]},"reference":[{"key":"12_CR1","doi-asserted-by":"crossref","unstructured":"Aghakhani, H., et al.: When malware is packin\u2019heat; limits of machine learning classifiers based on static analysis features. In: NDSS 2020 (2020)","DOI":"10.14722\/ndss.2020.24310"},{"key":"12_CR2","doi-asserted-by":"crossref","unstructured":"Ahmadi, M., Ulyanov, D., Semenov, S., Trofimov, M., Giacinto, G.: Novel feature extraction, selection and fusion for effective malware family classification. In: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, pp. 183\u2013194 (2016)","DOI":"10.1145\/2857705.2857713"},{"key":"12_CR3","unstructured":"Arp, D., et al.: Dos and don\u2019ts of machine learning in computer security. In: USENIX Security 22, pp. 3971\u20133988 (2022)"},{"key":"12_CR4","unstructured":"Avast: Pelib (2023). https:\/\/github.com\/avast\/pelib"},{"key":"12_CR5","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/s10207-016-0330-4","volume":"16","author":"M Bat-Erdene","year":"2017","unstructured":"Bat-Erdene, M., Park, H., Li, H., Lee, H., Choi, M.S.: Entropy analysis to classify unknown packing algorithms for malware detection. Int. J. Inf. Secur. 16, 227\u2013248 (2017)","journal-title":"Int. J. Inf. 
Secur."},{"key":"12_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/978-3-031-31108-6_5","volume-title":"Risks and Security of Internet and Systems","author":"C-H Bertrand Van Ouytsel","year":"2023","unstructured":"Bertrand Van Ouytsel, C.-H., Crochet, C., Dam, K.H.T., Legay, A.: Tool Paper - SEMA: symbolic execution toolchain for\u00a0malware analysis. In: Kallel, S., Jmaiel, M., Zulkernine, M., Hadj Kacem, A., Cuppens, F., Cuppens, N. (eds.) CRiSIS 2022. LNCS, vol. 13857, pp. 62\u201368. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-31108-6_5"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"Bertrand Van\u00a0Ouytsel, C.H., Dam, K.H.T., Legay, A.: Symbolic analysis meets federated learning to enhance malware identifier. In: Proceedings of the 17th International Conference on Availability, Reliability and Security, pp. 1\u201310 (2022)","DOI":"10.1145\/3538969.3538996"},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"Bertrand Van\u00a0Ouytsel, C.H., Dam, K.H.T., Legay, A.: Analysis of machine learning approaches to packing detection. Comput. Secur. 103536 (2023)","DOI":"10.1016\/j.cose.2023.103536"},{"key":"12_CR9","doi-asserted-by":"publisher","unstructured":"Bertrand Van\u00a0Ouytsel, C.H., Legay, A.: Malware analysis with symbolic execution and graph kernel. In: Reiser, H.P., Kyas, M. (eds.) Secure IT Systems. NordSec 2022. LNCS, vol. 13700, pp. 292\u2013310. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22295-5_16","DOI":"10.1007\/978-3-031-22295-5_16"},{"key":"12_CR10","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1016\/j.cose.2019.05.007","volume":"85","author":"F Biondi","year":"2019","unstructured":"Biondi, F., Enescu, M.A., Given-Wilson, T., Legay, A., Noureddine, L., Verma, V.: Effective, efficient, and robust packing detection and classification. Comput. Secur. 85, 436\u2013451 (2019)","journal-title":"Comput. 
Secur."},{"key":"12_CR11","doi-asserted-by":"publisher","unstructured":"Biondi, F., Given-Wilson, T., Legay, A., Puodzius, C., Quilbeuf, J.: Tutorial: an overview of malware detection and evasion techniques. In: Margaria, T., Steffen, B. (eds.) Leveraging Applications of Formal Methods, Verification and Validation. Modeling. ISoLA 2018. LNCS, vol. 11244, pp. 565\u2013586. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03418-4_34","DOI":"10.1007\/978-3-030-03418-4_34"},{"key":"12_CR12","unstructured":"Biondi, F., Josse, S., Legay, A.: Bypassing malware obfuscation with dynamic synthesis. ERCIM News (106) (2016)"},{"key":"12_CR13","doi-asserted-by":"publisher","first-page":"500","DOI":"10.1016\/j.cose.2017.07.006","volume":"70","author":"F Biondi","year":"2017","unstructured":"Biondi, F., Josse, S., Legay, A., Sirvent, T.: Effectiveness of synthesis in concolic deobfuscation. Comput. Secur. 70, 500\u2013515 (2017)","journal-title":"Comput. Secur."},{"key":"12_CR14","unstructured":"packing box: dataset-packed-pe (2023). https:\/\/github.com\/packing-box\/dataset-packed-pe"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Cheng, B., et al.: Towards paving the way for large-scale windows malware analysis: generic binary unpacking with orders-of-magnitude performance boost. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 395\u2013411 (2018)","DOI":"10.1145\/3243734.3243771"},{"key":"12_CR16","unstructured":"Cheng, B., et al.: Obfuscation-Resilient executable payload extraction from packed malware. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 3451\u20133468 (2021)"},{"key":"12_CR17","doi-asserted-by":"crossref","unstructured":"Choi, Y.S., Kim, I.K., Oh, J.T., Ryou, J.C.: PE file header analysis-based packed PE file detection technique (PHAD). In: International Symposium on Computer Science and its Applications, pp. 28\u201331. 
IEEE (2008)","DOI":"10.1109\/CSA.2008.28"},{"key":"12_CR18","doi-asserted-by":"crossref","unstructured":"Dam, K.H.T., Given-Wilson, T., Legay, A.: Unsupervised behavioural mining and clustering for malware family identification. In: Proceedings of the 36th Annual ACM Symposium on Applied Computing, pp. 374\u2013383 (2021)","DOI":"10.1145\/3412841.3441919"},{"key":"12_CR19","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2022.109373","volume":"127","author":"KHT Dam","year":"2022","unstructured":"Dam, K.H.T., Given-Wilson, T., Legay, A., Veroneze, R.: Packer classification based on association rule mining. Appl. Soft Comput. 127, 109373 (2022)","journal-title":"Appl. Soft Comput."},{"key":"12_CR20","doi-asserted-by":"crossref","unstructured":"Dambra, S., et al.: Decoding the secrets of machine learning in malware classification: a deep dive into datasets, feature extraction, and model performance. arXiv preprint arXiv:2307.14657 (2023)","DOI":"10.1145\/3576915.3616589"},{"key":"12_CR21","unstructured":"D\u2019Hondt, A.: Peid (2023). https:\/\/github.com\/packing-box\/peid"},{"key":"12_CR22","doi-asserted-by":"crossref","unstructured":"D\u2019Hondt, A., Van\u00a0Ouytsel, C.H.B., Legay, A.: Experimental toolkit for manipulating executable packing. arXiv preprint arXiv:2302.09286 (2023)","DOI":"10.1007\/978-3-031-61231-2_17"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Hodosh, J., Hulin, P., Leek, T., Whelan, R.: Repeatable reverse engineering with panda. In: Proceedings of the 5th Program Protection and Reverse Engineering Workshop, pp. 1\u201311 (2015)","DOI":"10.1145\/2843859.2843867"},{"key":"12_CR24","unstructured":"ENISA: Threat landscape report 2022 (2022). 
https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-2022"},{"issue":"2","key":"12_CR25","doi-asserted-by":"publisher","first-page":"646","DOI":"10.1016\/j.jnca.2012.10.004","volume":"36","author":"R Islam","year":"2013","unstructured":"Islam, R., Tian, R., Batten, L.M., Versteeg, S.: Classification of malware based on integrated static and dynamic features. J. Netw. Comput. Appl. 36(2), 646\u2013656 (2013)","journal-title":"J. Netw. Comput. Appl."},{"key":"12_CR26","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/s11416-015-0249-8","volume":"12","author":"K Kancherla","year":"2016","unstructured":"Kancherla, K., Donahue, J., Mukkamala, S.: Packer identification using byte plot and Markov plot. J. Comput. Virol. Hacking Tech. 12, 101\u2013111 (2016)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Kotov, V., Wojnowicz, M.: Towards generic deobfuscation of windows API calls (2018). arXiv preprint arXiv:1802.04466","DOI":"10.14722\/bar.2018.23011"},{"key":"12_CR28","doi-asserted-by":"crossref","unstructured":"K\u00fcchler, A., Mantovani, A., Han, Y., Bilge, L., Balzarotti, D.: Does every second count? time-based evolution of malware behavior in sandboxes. In: NDSS (2021)","DOI":"10.14722\/ndss.2021.24475"},{"key":"12_CR29","unstructured":"Kwiatkowski, I.: Manalyze (2023). https:\/\/github.com\/JusticeRage\/Manalyze"},{"key":"12_CR30","doi-asserted-by":"publisher","first-page":"51620","DOI":"10.1109\/ACCESS.2019.2910268","volume":"7","author":"X Li","year":"2019","unstructured":"Li, X., Shan, Z., Liu, F., Chen, Y., Hou, Y.: A consistently-executing graph-based approach for malware packer identification. 
IEEE Access 7, 51620\u201351629 (2019)","journal-title":"IEEE Access"},{"key":"12_CR31","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.diin.2019.01.004","volume":"28","author":"C Lim","year":"2019","unstructured":"Lim, C., Ramli, K., Kotualubun, Y.S., et al.: Mal-Flux: rendering hidden code of packed binary executable. Digit. Investig. 28, 83\u201395 (2019)","journal-title":"Digit. Investig."},{"key":"12_CR32","unstructured":"Lucca, S., Wauters, D.: Pandi (2023). https:\/\/github.com\/dimitriwauters\/PANDI"},{"issue":"2","key":"12_CR33","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/MSP.2007.48","volume":"5","author":"R Lyda","year":"2007","unstructured":"Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. IEEE Secur. Priv. 5(2), 40\u201345 (2007)","journal-title":"IEEE Secur. Priv."},{"key":"12_CR34","doi-asserted-by":"crossref","unstructured":"Mantovani, A., Aonzo, S., Ugarte-Pedrero, X., Merlo, A., Balzarotti, D.: Prevalence and impact of low-entropy packing schemes in the malware ecosystem. In: NDSS (2020)","DOI":"10.14722\/ndss.2020.24297"},{"key":"12_CR35","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: Omniunpack: fast, generic, and safe unpacking of malware. In: ACSAC. IEEE (2007)","DOI":"10.1109\/ACSAC.2007.15"},{"key":"12_CR36","unstructured":"Molnar, C.: Interpretable machine learning. Lulu.com (2020)"},{"issue":"5","key":"12_CR37","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3530810","volume":"55","author":"T Muralidharan","year":"2022","unstructured":"Muralidharan, T., Cohen, A., Gerson, N., Nissim, N.: File packing from the malware perspective: techniques, analysis approaches, and directions for enhancements. ACM Comput. Surv. 55(5), 1\u201345 (2022)","journal-title":"ACM Comput. 
Surv."},{"key":"12_CR38","doi-asserted-by":"crossref","unstructured":"Noureddine, L., Heuser, A., Puodzius, C., Zendra, O.: SE-PAC: a self-evolving packer classifier against rapid packers evolution. In: CODASPY (2021)","DOI":"10.1145\/3422337.3447848"},{"key":"12_CR39","unstructured":"Oberhumer, M., Molnar, L., Reiser, J.: UPX, the Ultimate Packer for eXecutables. https:\/\/upx.github.io\/"},{"key":"12_CR40","doi-asserted-by":"crossref","unstructured":"Perdisci, R., Lanzi, A., Lee, W.: Classification of packed executables for accurate computer virus detection 29(14), 1941\u20131946","DOI":"10.1016\/j.patrec.2008.06.016"},{"key":"12_CR41","unstructured":"panda re: Panda (2023). https:\/\/github.com\/panda-re\/panda"},{"key":"12_CR42","doi-asserted-by":"crossref","unstructured":"Said, N.B., et al.: Detection of mirai by syntactic and behavioral analysis. In: ISSRE, pp. 224\u2013235. IEEE (2018)","DOI":"10.1109\/ISSRE.2018.00032"},{"key":"12_CR43","doi-asserted-by":"crossref","unstructured":"Sebastio, S., et al.: Optimizing symbolic execution for malware behavior classification. Comput. Secur. 101775 (2020)","DOI":"10.1016\/j.cose.2020.101775"},{"key":"12_CR44","doi-asserted-by":"crossref","unstructured":"Shafiei, A., Rimmer, V., Tsingenopoulos, I., Desmet, L., Joosen, W.: Position paper: on advancing adversarial malware generation using dynamic features. In: Proceedings of the 1st Workshop on Robust Malware Analysis, pp. 15\u201320 (2022)","DOI":"10.1145\/3494110.3528244"},{"key":"12_CR45","doi-asserted-by":"crossref","unstructured":"Smith, M.R., et al.: Mind the gap: on bridging the semantic gap between machine learning and malware analysis. In: Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security, pp. 49\u201360 (2020)","DOI":"10.1145\/3411508.3421373"},{"key":"12_CR46","unstructured":"Song, W., Li, X., Afroz, S., Garg, D., Kuznetsov, D., Yin, H.: Mab-malware: a reinforcement learning framework for attacking static malware classifiers. 
arXiv preprint arXiv:2003.03100 (2020)"},{"key":"12_CR47","doi-asserted-by":"crossref","unstructured":"Treadwell, S., Zhou, M.: A heuristic approach for detection of obfuscated malware. In: IEEE International Conference on Intelligence and Security Informatics, ISI 2009, Dallas, Texas, USA, 8\u201311 June 2009, Proceedings, pp. 291\u2013299. IEEE (2009)","DOI":"10.1109\/ISI.2009.5137328"},{"key":"12_CR48","doi-asserted-by":"crossref","unstructured":"Ugarte-Pedrero, X., Balzarotti, D., Santos, I., Bringas, P.G.: Sok: deep packer inspection: a longitudinal study of the complexity of run-time packers. In: 2015 IEEE Symposium on Security and Privacy, pp. 659\u2013673. IEEE (2015)","DOI":"10.1109\/SP.2015.46"},{"key":"12_CR49","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1016\/j.cose.2014.03.012","volume":"43","author":"X Ugarte-Pedrero","year":"2014","unstructured":"Ugarte-Pedrero, X., Santos, I., Garc\u00eda-Ferreira, I., Huerta, S., Sanz, B., Bringas, P.G.: On the adoption of anomaly detection for packed executable filtering. Comput. Secur. 43, 126\u2013144 (2014)","journal-title":"Comput. Secur."},{"key":"12_CR50","doi-asserted-by":"crossref","unstructured":"Wu, C., Shi, J., Yang, Y., Li, W.: Enhancing machine learning based malware detection model by reinforcement learning. In: Proceedings of the 8th International Conference on Communication and Network Security, pp. 74\u201378 (2018)","DOI":"10.1145\/3290480.3290494"},{"key":"12_CR51","unstructured":"Yan, X., Han, J.: Gspan: graph-based substructure pattern mining. In: 2002 IEEE International Conference on Data Mining, 2002, pp. 721\u2013724. IEEE (2002)"},{"key":"12_CR52","unstructured":"Yason, M.V.: The art of unpacking. 
Retrieved Feb 12, 2008 (2007)"},{"issue":"17","key":"12_CR53","doi-asserted-by":"publisher","first-page":"3015","DOI":"10.1002\/sec.1228","volume":"8","author":"M Zakeri","year":"2015","unstructured":"Zakeri, M., Faraji Daneshgar, F., Abbaspour, M.: A static heuristic approach to detecting malware targets. Secur. Commun. Netw. 8(17), 3015\u20133027 (2015)","journal-title":"Secur. Commun. Netw."}],"container-title":["Lecture Notes in Computer Science","The Combined Power of Research, Education, and Dissemination"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-73887-6_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,30]],"date-time":"2025-01-30T11:15:54Z","timestamp":1738235754000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-73887-6_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,23]]},"ISBN":["9783031738869","9783031738876"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-73887-6_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,10,23]]},"assertion":[{"value":"23 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The author(s) has no competing interests to declare that are relevant to the content of this manuscript.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}}]}}