{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T01:01:10Z","timestamp":1771203670134,"version":"3.50.1"},"reference-count":36,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T00:00:00Z","timestamp":1771200000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T00:00:00Z","timestamp":1771200000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No. 62162009"],"award-info":[{"award-number":["No. 62162009"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100018533","name":"Major Scientific and Technological Special Project of Guizhou Province","doi-asserted-by":"publisher","award":["No.[2024]014"],"award-info":[{"award-number":["No.[2024]014"]}],"id":[{"id":"10.13039\/501100018533","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Big Data Security and Network Security Innovation Team of Universities in Guizhou Province","award":["No.[2023]052"],"award-info":[{"award-number":["No.[2023]052"]}]},{"name":"Key Technologies R&D Program of He\u2019nan Province","award":["No. 242102211065"],"award-info":[{"award-number":["No. 242102211065"]}]},{"DOI":"10.13039\/501100013057","name":"Innovation Scientists and Technicians Troop Construction Projects of Henan Province","doi-asserted-by":"publisher","award":["No. CXTD2017099"],"award-info":[{"award-number":["No. CXTD2017099"]}],"id":[{"id":"10.13039\/501100013057","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Scientific Research Innovation Team of Xuchang University","award":["No. 
2022CXTD003"],"award-info":[{"award-number":["No. 2022CXTD003"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>\n                    Although packers are useful tools for protecting applications, they can also be used to protect malware. This makes packer identification technology increasingly important for malware analysis. Most existing packer identification methods based on static analysis extract a large number of features from the binary code of an executable. However, these binary code-related features are sensitive to small changes in the executable\u2019s binary code, and it is difficult to understand how these features influence the decision-making processes of machine learning models. To address the shortcomings of existing static analysis-based packer identification methods, we explore extraction of a small number of easily extractable and discriminative features for efficient and accurate packer identification. Specifically, we analyze the packing process and notice that the structures of the packed PEs differ according to the different packing patterns used by the packer. Based on this, a section-entropy plot is proposed, which is generated by a small number of easily extractable and discriminative features that can reflect the overall structure of a PE file. 
By using GoogLeNet to identify the packer characterized by the section-entropy plot, a <jats:italic>p<\/jats:italic>acker <jats:italic>i<\/jats:italic>dentification method based on the <jats:italic>s<\/jats:italic>ection-<jats:italic>e<\/jats:italic>ntropy <jats:italic>p<\/jats:italic>lot (PISEP) is constructed, which does not require PE file disassembly and complex feature engineering. The experimental results show that PISEP achieves 99.08% accuracy for identifying seen and unseen types of packers and requires only 0.165\u00a0s on average to identify the packer class of a test sample, and thus could be a highly competitive candidate for packer identification.\n                  <\/jats:p>","DOI":"10.1186\/s42400-025-00416-y","type":"journal-article","created":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T00:03:33Z","timestamp":1771200213000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A packer identification method based on section-entropy 
plot"],"prefix":"10.1186","volume":"9","author":[{"given":"Yueting","family":"Wan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3341-220X","authenticated-orcid":false,"given":"Chun","family":"Guo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuan","family":"Ping","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yunhe","family":"Cui","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaodan","family":"Lyu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guowei","family":"Shen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,2,16]]},"reference":[{"key":"416_CR1","doi-asserted-by":"crossref","unstructured":"Ahmadi M, Ulyanov D, Semenov S, Trofimov M, Giacinto G (2016) Novel feature extraction, selection and fusion for effective malware family classification. In: Proceedings of the sixth ACM conference on data and application security and privacy, pp 183\u2013194","DOI":"10.1145\/2857705.2857713"},{"key":"416_CR2","unstructured":"aldeid: PEiD\u2014aldeid. https:\/\/www.aldeid.com\/wiki\/PEiD. Accessed 2024-09-07"},{"issue":"2","key":"416_CR3","doi-asserted-by":"publisher","first-page":"102","DOI":"10.3390\/info15020102","volume":"15","author":"E Alkhateeb","year":"2024","unstructured":"Alkhateeb E, Ghorbani A, Habibi Lashkari A (2024) Identifying malware packers through multilayer feature engineering in static analysis. 
Information 15(2):102","journal-title":"Information"},{"key":"416_CR4","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1016\/j.cose.2019.05.007","volume":"85","author":"F Biondi","year":"2019","unstructured":"Biondi F, Enescu MA, Given-Wilson T, Legay A, Noureddine L, Verma V (2019) Effective, efficient, and robust packing detection and classification. Comput Secur 85:436\u2013451","journal-title":"Comput Secur"},{"key":"416_CR5","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103582","volume":"137","author":"A Brown","year":"2024","unstructured":"Brown A, Gupta M, Abdelsalam M (2024) Automated machine learning for deep learning based malware detection. Comput Secur 137:103582","journal-title":"Comput Secur"},{"key":"416_CR6","doi-asserted-by":"publisher","first-page":"28412","DOI":"10.1109\/ACCESS.2019.2901522","volume":"7","author":"N-T Chau","year":"2019","unstructured":"Chau N-T, Jung S (2019) An entropy-based solution for identifying android packers. IEEE Access 7:28412\u201328421","journal-title":"IEEE Access"},{"key":"416_CR7","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.103084","volume":"126","author":"H Deng","year":"2023","unstructured":"Deng H, Guo C, Shen G, Cui Y, Ping Y (2023) MCTVD: a malware classification method based on three-channel visualization and deep learning. Comput Secur 126:103084","journal-title":"Comput Secur"},{"key":"416_CR8","unstructured":"Dhondta A Dataset of packed PE files. https:\/\/github.com\/packing-box\/dataset-packed-pe. Accessed 2025-02-06"},{"key":"416_CR9","doi-asserted-by":"crossref","unstructured":"He K, Zhang X, Ren S, Sun J (2016) Deep residual learning for image recognition. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp 770\u2013778","DOI":"10.1109\/CVPR.2016.90"},{"key":"416_CR10","unstructured":"Hors: Github\u2014horsicq\/detect-it-easy: program for determining types of files for windows, linux and macos. 
https:\/\/github.com\/horsicq\/Detect-It-Easy. Accessed 2024-09-07"},{"issue":"8","key":"416_CR11","doi-asserted-by":"publisher","first-page":"5082","DOI":"10.1002\/cpe.5082","volume":"32","author":"B Jung","year":"2020","unstructured":"Jung B, Bae SI, Choi C, Im EG (2020) Packer identification method based on byte sequences. Concurr Comput Pract Exp 32(8):5082","journal-title":"Concurr Comput Pract Exp"},{"key":"416_CR12","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/s11416-015-0249-8","volume":"12","author":"K Kancherla","year":"2016","unstructured":"Kancherla K, Donahue J, Mukkamala S (2016) Packer identification using byte plot and Markov plot. J Comput Virol Hack Tech 12:101\u2013111","journal-title":"J Comput Virol Hack Tech"},{"key":"416_CR13","doi-asserted-by":"crossref","unstructured":"Kang B, Kim T, Kang B, Im EG, Ryu M (2014) Tasel: dynamic taint analysis with selective control dependency. In: Proceedings of the 2014 conference on research in adaptive and convergent systems, pp 272\u2013277","DOI":"10.1145\/2663761.2664219"},{"key":"416_CR14","doi-asserted-by":"crossref","unstructured":"Kim Y, Paik J-Y, Choi S, Cho E-S (2019) Efficient SVM based packer identification with binary diffing measures. In: 2019 IEEE 43rd annual computer software and applications conference (COMPSAC). IEEE, 1, pp 795\u2013800","DOI":"10.1109\/COMPSAC.2019.00117"},{"key":"416_CR15","doi-asserted-by":"crossref","unstructured":"Kolosnjaji B, Demontis A, Biggio B, Maiorca D, Giacinto G, Eckert C, Roli F (2018) Adversarial malware binaries: evading deep learning for malware detection in executables. In: 2018 26th European signal processing conference (EUSIPCO). IEEE, pp 533\u2013537","DOI":"10.23919\/EUSIPCO.2018.8553214"},{"key":"416_CR16","unstructured":"Kwiatkowski, I.: Manalyze. https:\/\/github.com\/JusticeRage\/Manalyze. 
Accessed 2024-09-07"},{"key":"416_CR17","doi-asserted-by":"crossref","unstructured":"Laxmi V, Gaur MS, Faruki P, Naval S (2012) Peal\u2014packed executable analysis. In: Advanced computing, networking and security: international conference, ADCONS 2011, Surathkal, India, December 16\u201318, 2011, Revised Selected Papers. Springer, pp 237\u2013243","DOI":"10.1007\/978-3-642-29280-4_28"},{"key":"416_CR18","doi-asserted-by":"publisher","first-page":"9038","DOI":"10.1007\/s10489-021-02347-w","volume":"51","author":"H Liu","year":"2021","unstructured":"Liu H, Guo C, Cui Y, Shen G, Ping Y (2021) 2-spiff: a 2-stage packer identification method based on function call graph and file attributes. Appl Intell 51:9038\u20139053","journal-title":"Appl Intell"},{"key":"416_CR19","unstructured":"A.S.L A.S.L Soft. https:\/\/github.com\/ExeinfoASL\/ASL. Accessed 2024-09-07"},{"key":"416_CR20","unstructured":"Maaten L, Hinton G (2008) Visualizing data using t-SNE. J Mach Learn Res 9(11)"},{"key":"416_CR21","doi-asserted-by":"crossref","unstructured":"Martignoni L, Christodorescu M, Jha S (2007) Omniunpack: fast, generic, and safe unpacking of malware. In: Twenty-third annual computer security applications conference (ACSAC 2007). IEEE, pp. 431\u2013441","DOI":"10.1109\/ACSAC.2007.15"},{"key":"416_CR22","doi-asserted-by":"crossref","unstructured":"Noureddine L, Heuser A, Puodzius C, Zendra O (2021) Se-PAC: a self-evolving packer classifier against rapid packers evolution. In: Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, pp 281\u2013292","DOI":"10.1145\/3422337.3447848"},{"key":"416_CR23","unstructured":"Oberheide J, Bailey M, Jahanian F (2009) Polypack: an automated online packing service for optimal antivirus evasion. 
In: Proceedings of the 3rd USENIX conference on offensive technologies, pp 9\u20139"},{"key":"416_CR24","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103536","volume":"136","author":"C-HB Ouytsel","year":"2024","unstructured":"Ouytsel C-HB, Dam KHT, Legay A (2024) Analysis of machine learning approaches to packing detection. Comput Secur 136:103536","journal-title":"Comput Secur"},{"issue":"3","key":"416_CR25","first-page":"15","volume":"9","author":"M Pietrek","year":"1994","unstructured":"Pietrek M (1994) Peering inside the PE: a tour of the win32 (R) portable executable file format. Microsoft Syst J US Edition 9(3):15\u201338","journal-title":"Microsoft Syst J US Edition"},{"key":"416_CR26","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102762","volume":"119","author":"Y Qiao","year":"2022","unstructured":"Qiao Y, Zhang W, Tian Z, Yang LT, Liu Y, Alazab M (2022) Adversarial malware sample generation method based on the prototype of deep learning detector. Comput Secur 119:102762","journal-title":"Comput Secur"},{"key":"416_CR27","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2023.106030","volume":"122","author":"K Shaukat","year":"2023","unstructured":"Shaukat K, Luo S, Varadharajan V (2023) A novel deep learning-based approach for malware detection. Eng Appl Artif Intell 122:106030","journal-title":"Eng Appl Artif Intell"},{"key":"416_CR28","unstructured":"Simonyan K, Zisserman A (2014) Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556"},{"key":"416_CR29","doi-asserted-by":"crossref","unstructured":"Suciu O, Coull SE, Johns J (2019) Exploring adversarial examples in malware detection. In: 2019 IEEE Security and Privacy Workshops (SPW). 
IEEE, pp 8\u201314","DOI":"10.1109\/SPW.2019.00015"},{"issue":"12","key":"416_CR30","doi-asserted-by":"publisher","first-page":"2331","DOI":"10.1002\/spe.2622","volume":"48","author":"JH Suk","year":"2018","unstructured":"Suk JH, Lee J-Y, Jin H, Kim IS, Lee DH (2018) Unthemida: commercial obfuscation technique analysis with a fully obfuscated program. Software Pract Exp 48(12):2331\u20132349","journal-title":"Software Pract Exp"},{"key":"416_CR31","doi-asserted-by":"crossref","unstructured":"Szegedy C, Liu W, Jia Y, Sermanet P, Reed S, Anguelov D, Erhan D, Vanhoucke V, Rabinovich A (2015) Going deeper with convolutions. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp. 1\u20139","DOI":"10.1109\/CVPR.2015.7298594"},{"key":"416_CR32","doi-asserted-by":"crossref","unstructured":"Ugarte-Pedrero X, Balzarotti D, Santos I, Bringas PG (2015) SOK: Deep packer inspection: a longitudinal study of the complexity of run-time packers. In: 2015 IEEE symposium on security and privacy. IEEE, pp 659\u2013673","DOI":"10.1109\/SP.2015.46"},{"issue":"5","key":"416_CR33","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1109\/MSP.2008.126","volume":"6","author":"W Yan","year":"2008","unstructured":"Yan W, Zhang Z, Ansari N (2008) Revealing packed malware. IEEE Secur. Privacy 6(5):65\u201369","journal-title":"IEEE Secur. Privacy"},{"key":"416_CR34","doi-asserted-by":"crossref","unstructured":"Ying X (2019) An overview of overfitting and its solutions. In: Journal of physics: conference series. IOP Publishing, 1168:022022","DOI":"10.1088\/1742-6596\/1168\/2\/022022"},{"key":"416_CR35","doi-asserted-by":"crossref","unstructured":"Zeiler MD, Fergus R (2014) Visualizing and understanding convolutional networks. In: Computer Vision\u2013ECCV 2014: 13th European conference, Zurich, Switzerland, September 6\u201312, 2014, Proceedings, Part I 13. 
Springer, pp 818\u2013833","DOI":"10.1007\/978-3-319-10590-1_53"},{"issue":"1","key":"416_CR36","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11432-020-2885-6","volume":"64","author":"Z-H Zhou","year":"2021","unstructured":"Zhou Z-H (2021) Why over-parameterization of deep neural networks does not overfit. Sci China Inf Sci 64(1):1\u20133","journal-title":"Sci China Inf Sci"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00416-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00416-y","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00416-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T00:03:35Z","timestamp":1771200215000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-025-00416-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,16]]},"references-count":36,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["416"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00416-y","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,16]]},"assertion":[{"value":"4 January 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 June 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 February 2026","order":3,"name":"first_online","label":"First 
Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"29"}}