{"id":"https://openalex.org/W4412082584","doi":"https://doi.org/10.1109/host64725.2025.11050036","title":"Low-Entropy Packed Binary Detection via Accurate Hardware Events Profiling","display_name":"Low-Entropy Packed Binary Detection via Accurate Hardware Events Profiling","publication_year":2025,"publication_date":"2025-05-05","ids":{"openalex":"https://openalex.org/W4412082584","doi":"https://doi.org/10.1109/host64725.2025.11050036"},"language":"en","primary_location":{"id":"doi:10.1109/host64725.2025.11050036","is_oa":false,"landing_page_url":"https://doi.org/10.1109/host64725.2025.11050036","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5030543048","display_name":"\u00c9rika Layne Gomes Leal","orcid":"https://orcid.org/0000-0002-2000-1014"},"institutions":[{"id":"https://openalex.org/I157394403","display_name":"Baylor University","ror":"https://ror.org/005781934","country_code":"US","type":"education","lineage":["https://openalex.org/I157394403"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Erika Leal","raw_affiliation_strings":["Baylor University"],"affiliations":[{"raw_affiliation_string":"Baylor University","institution_ids":["https://openalex.org/I157394403"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061815063","display_name":"Mengfei Ren","orcid":"https://orcid.org/0000-0001-8548-3299"},"institutions":[{"id":"https://openalex.org/I82495205","display_name":"University of Alabama in Huntsville","ror":"https://ror.org/02zsxwr40","country_code":"US","type":"education","lineage":["https://openalex.org/I82495205"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mengfei Ren","raw_affiliation_strings":["University of Alabama in Huntsville"],"affiliations":[{"raw_affiliation_string":"University of Alabama in Huntsville","institution_ids":["https://openalex.org/I82495205"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111272780","display_name":"Shengliang Li","orcid":null},"institutions":[{"id":"https://openalex.org/I4210104233","display_name":"China Electronics Corporation (China)","ror":"https://ror.org/00vsv8c52","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210104233"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shijia Li","raw_affiliation_strings":["China Electronics Corporation"],"affiliations":[{"raw_affiliation_string":"China Electronics Corporation","institution_ids":["https://openalex.org/I4210104233"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101420644","display_name":"Jiang Ming","orcid":"https://orcid.org/0000-0001-9682-0502"},"institutions":[{"id":"https://openalex.org/I114832834","display_name":"Tulane University","ror":"https://ror.org/04vmvtb21","country_code":"US","type":"education","lineage":["https://openalex.org/I114832834"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jiang Ming","raw_affiliation_strings":["Tulane University"],"affiliations":[{"raw_affiliation_string":"Tulane University","institution_ids":["https://openalex.org/I114832834"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5030543048"],"corresponding_institution_ids":["https://openalex.org/I157394403"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.0889708,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"346","last_page":"357"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.989300012588501,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.989300012588501,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9799000024795532,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9715999960899353,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/profiling","display_name":"Profiling (computer programming)","score":0.7647832036018372},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6015834808349609},{"id":"https://openalex.org/keywords/binary-number","display_name":"Binary number","score":0.5003998279571533},{"id":"https://openalex.org/keywords/entropy","display_name":"Entropy (arrow of time)","score":0.46327826380729675},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.32268020510673523},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.19517561793327332},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.1869058907032013},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.17542433738708496},{"id":"https://openalex.org/keywords/arithmetic","display_name":"Arithmetic","score":0.07691490650177002},{"id":"https://openalex.org/keywords/thermodynamics","display_name":"Thermodynamics","score":0.06833797693252563}],"concepts":[{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.7647832036018372},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6015834808349609},{"id":"https://openalex.org/C48372109","wikidata":"https://www.wikidata.org/wiki/Q3913","display_name":"Binary number","level":2,"score":0.5003998279571533},{"id":"https://openalex.org/C106301342","wikidata":"https://www.wikidata.org/wiki/Q4117933","display_name":"Entropy (arrow of time)","level":2,"score":0.46327826380729675},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.32268020510673523},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.19517561793327332},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.1869058907032013},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.17542433738708496},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.07691490650177002},{"id":"https://openalex.org/C97355855","wikidata":"https://www.wikidata.org/wiki/Q11473","display_name":"Thermodynamics","level":1,"score":0.06833797693252563}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/host64725.2025.11050036","is_oa":false,"landing_page_url":"https://doi.org/10.1109/host64725.2025.11050036","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1373533507","display_name":null,"funder_award_id":"2312185,2417055","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G76333370","display_name":null,"funder_award_id":"P116Z230151","funder_id":"https://openalex.org/F4320310142","funder_display_name":"Tulane University"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320310142","display_name":"Tulane University","ror":"https://ror.org/04vmvtb21"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W1504130524","https://openalex.org/W1565441035","https://openalex.org/W1892063863","https://openalex.org/W1981033991","https://openalex.org/W2010910232","https://openalex.org/W2012737144","https://openalex.org/W2029320208","https://openalex.org/W2071289869","https://openalex.org/W2087300543","https://openalex.org/W2107576540","https://openalex.org/W2127890955","https://openalex.org/W2140807364","https://openalex.org/W2143421017","https://openalex.org/W2150423842","https://openalex.org/W2151300580","https://openalex.org/W2161363032","https://openalex.org/W2170467352","https://openalex.org/W2315350509","https://openalex.org/W2319159802","https://openalex.org/W2346169715","https://openalex.org/W2596953812","https://openalex.org/W2602229646","https://openalex.org/W2620946705","https://openalex.org/W2752395945","https://openalex.org/W2804108441","https://openalex.org/W2807415350","https://openalex.org/W2890434219","https://openalex.org/W2900986841","https://openalex.org/W2912095101","https://openalex.org/W2932551155","https://openalex.org/W2947883149","https://openalex.org/W2950774332","https://openalex.org/W2958226831","https://openalex.org/W3007346474","https://openalex.org/W3008201587","https://openalex.org/W3008443984","https://openalex.org/W3108921945","https://openalex.org/W4255185178"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Precisely":[0],"identifying":[1,91],"and":[2,33,70,96,120],"classifying":[3],"packed":[4,98],"executables,":[5],"especially":[6],"those":[7],"using":[8],"a":[9,18],"low":[10],"entropy":[11],"scheme":[12],"to":[13,30,48,64],"obfuscate":[14],"malicious":[15],"software,":[16],"is":[17],"crucial":[19],"aspect":[20],"of":[21,87,113],"packer":[22],"analysis.":[23],"Existing":[24],"software-based":[25],"solutions":[26],"are":[27],"inadequate,":[28],"leading":[29],"inaccurate":[31],"identification":[32],"classification.":[34],"In":[35],"this":[36,40],"study,":[37],"we":[38,59],"address":[39],"challenge":[41],"by":[42],"leveraging":[43],"Hardware":[44],"Performance":[45],"Counters":[46],"(HPCs)":[47],"classify":[49],"low-entropy":[50,95],"packers":[51,92],"in":[52,66,90,93,115,127],"binary":[53,118],"executables.":[54],"To":[55],"detect":[56],"such":[57],"packers,":[58],"employ":[60],"kernel-level":[61],"DLL":[62],"hijacking":[63],"intervene":[65],"the":[67,85,101,110],"unpacking":[68],"process":[69],"collect":[71],"corresponding":[72],"HPC":[73],"data":[74],"for":[75,124],"training":[76],"classic":[77],"machine":[78],"learning":[79],"models.":[80],"Our":[81],"experimental":[82],"results":[83],"demonstrate":[84],"effectiveness":[86],"our":[88],"approach":[89],"both":[94],"high-entropy":[97],"programs,":[99],"with":[100],"Decision":[102],"Tree":[103],"model":[104],"achieving":[105],"100%":[106],"accuracy.":[107],"This":[108],"demonstrates":[109],"significant":[111],"role":[112],"HPCs":[114],"detecting":[116],"lowentropy":[117],"packing":[119],"suggests":[121],"promising":[122],"avenues":[123],"further":[125],"advancement":[126],"security":[128],"analysis":[129],"techniques.":[130]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}