Consideration of packer detection tool for FFRI Dataset scripts
FFRI/PackerDetectorConsideration
Evaluation of packer detection tool for FFRI Dataset scripts

About this repository

To address an open issue in the FFRI Dataset scripts, we evaluated several existing open-source (OSS) packer detection tools.

In this repository, we compare the performance of tools that provide heuristic packer detection (e.g., few imported APIs, sections with high entropy, a broken Rich header, ...).

Note that we previously published a similar repository, PackerDetectionToolEvaluation, but it focused on evaluating signature-based packer detection tools.

Targets

PyPackerDetect
Manalyze
pypeid

Dataset

We use the PackingData dataset for this evaluation.

Note that we fixed an issue in PackingData for this evaluation.

Result

The TPR (true positive rate) is almost the same for PyPackerDetect and Manalyze, at about 94%. The TPR of pypeid is slightly lower than that of these two tools.

On the other hand, the FPR (false positive rate) is much lower for PyPackerDetect and pypeid than for Manalyze.

Tool            TPR     FPR
PyPackerDetect  94.6%   2.2%
Manalyze        95.0%   41.0%
pypeid          84.9%   5.6%

See the Jupyter Notebook for more details.
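The following is an added example (not code from this repository or from PyPackerDetect, Manalyze or pypeid) showing how the three heuristics named above are typically combined into a verdict, and how TPR and FPR are then computed over a labelled set. The thresholds (7.0 bits/byte for section entropy, fewer than 10 imported APIs, at least two heuristics firing) and the sample binaries are assumptions constructed for the illustration; a real tool would extract these features from the PE headers instead.

```python
import math
import random
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Thresholds are assumptions for this illustration, not values taken from
# PyPackerDetect, Manalyze or pypeid.
ENTROPY_THRESHOLD = 7.0   # bits/byte; compressed or encrypted sections sit near 8.0
MIN_IMPORTS = 10          # packed binaries usually resolve most APIs at runtime
MIN_HITS = 2              # heuristics that must fire before a sample is called packed


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


@dataclass
class PeFeatures:
    """Features a real tool would extract from a PE file; here they are constructed."""
    name: str
    sections: Dict[str, bytes]   # section name -> raw section bytes
    imported_apis: int           # number of entries in the import table
    rich_header_valid: bool      # Rich header present and its checksum verifies


def packer_heuristics(f: PeFeatures) -> Dict[str, bool]:
    """Evaluate the three heuristics; each value is True when that heuristic fires."""
    return {
        "high_entropy_section": any(
            shannon_entropy(d) >= ENTROPY_THRESHOLD for d in f.sections.values()
        ),
        "few_imports": f.imported_apis < MIN_IMPORTS,
        "broken_rich_header": not f.rich_header_valid,
    }


def is_packed(f: PeFeatures) -> bool:
    """Call a sample packed when at least MIN_HITS heuristics fire."""
    return sum(packer_heuristics(f).values()) >= MIN_HITS


def evaluate(samples: List[PeFeatures], labels: List[bool]) -> Tuple[float, float]:
    """Return (TPR, FPR) of is_packed() over labelled samples (label True = packed)."""
    tp = fp = fn = tn = 0
    for s, packed in zip(samples, labels):
        pred = is_packed(s)
        if packed and pred:
            tp += 1
        elif packed and not pred:
            fn += 1
        elif not packed and pred:
            fp += 1
        else:
            tn += 1
    tpr = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return tpr, fpr


def build_constructed_samples() -> Tuple[List[PeFeatures], List[bool]]:
    """Constructed stand-ins for section contents; no real binaries are read."""
    rng = random.Random(2020)
    high = bytes(rng.getrandbits(8) for _ in range(4096))  # entropy ~7.95, like a compressed payload
    low = bytes(range(64)) * 64                             # entropy exactly 6.0, like ordinary code
    samples = [
        PeFeatures("packed_a", {".text": high}, 3, False),
        PeFeatures("packed_b", {".text": high, ".rdata": low}, 4, True),
        PeFeatures("packed_c", {".text": low}, 2, False),
        PeFeatures("packed_d", {".text": low}, 5, True),            # one heuristic only: missed
        PeFeatures("benign_a", {".text": low}, 120, True),
        PeFeatures("benign_b", {".text": low, ".rsrc": high}, 80, True),  # compressed resource alone
        PeFeatures("benign_c", {".text": low}, 6, False),           # tiny non-MSVC tool: false positive
        PeFeatures("benign_d", {".text": low}, 40, True),
    ]
    labels = [True, True, True, True, False, False, False, False]
    return samples, labels


def run_evaluation() -> Tuple[float, float]:
    return evaluate(*build_constructed_samples())


if __name__ == "__main__":
    for s in build_constructed_samples()[0]:
        print(s.name, packer_heuristics(s), "->", "packed" if is_packed(s) else "benign")
    tpr, fpr = run_evaluation()
    print(f"TPR={tpr:.1%} FPR={fpr:.1%}")
```

The constructed set deliberately includes a benign sample with a compressed resource section and a benign tool with few imports and no valid Rich header: a single heuristic firing on otherwise ordinary binaries is exactly where the FPR differences between the tools in the table come from, so the number of heuristics required for a verdict matters as much as the thresholds themselves.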

Author

Koh M. Nakagawa. © FFRI Security, Inc. 2020

License

Apache version 2.0
