{"id":"https://openalex.org/W4411205231","doi":"https://doi.org/10.1109/isdfs65363.2025.11012083","title":"Packers and Features: Efficacy of Static Analysis for Packed Linux Malware","display_name":"Packers and Features: Efficacy of Static Analysis for Packed Linux Malware","publication_year":2025,"publication_date":"2025-04-24","ids":{"openalex":"https://openalex.org/W4411205231","doi":"https://doi.org/10.1109/isdfs65363.2025.11012083"},"language":"en","primary_location":{"id":"doi:10.1109/isdfs65363.2025.11012083","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isdfs65363.2025.11012083","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 13th International Symposium on Digital Forensics and Security (ISDFS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5111267535","display_name":"Jayanthi Ramamoorthy","orcid":null},"institutions":[{"id":"https://openalex.org/I191429286","display_name":"Sam Houston State University","ror":"https://ror.org/00yh3cz06","country_code":"US","type":"education","lineage":["https://openalex.org/I191429286"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Jayanthi Ramamoorthy","raw_affiliation_strings":["Sam Houston State University,Department of Computer Science,Huntsville,TX"],"affiliations":[{"raw_affiliation_string":"Sam Houston State University,Department of Computer Science,Huntsville,TX","institution_ids":["https://openalex.org/I191429286"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086039015","display_name":"Narasimha Shashidhar","orcid":"https://orcid.org/0000-0002-4877-158X"},"institutions":[{"id":"https://openalex.org/I191429286","display_name":"Sam Houston State 
University","ror":"https://ror.org/00yh3cz06","country_code":"US","type":"education","lineage":["https://openalex.org/I191429286"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Narasimha K Shashidhar","raw_affiliation_strings":["Sam Houston State University,Department of Computer Science,Huntsville,TX"],"affiliations":[{"raw_affiliation_string":"Sam Houston State University,Department of Computer Science,Huntsville,TX","institution_ids":["https://openalex.org/I191429286"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5061796733","display_name":"Cihan Varol","orcid":"https://orcid.org/0000-0002-4940-6808"},"institutions":[{"id":"https://openalex.org/I191429286","display_name":"Sam Houston State University","ror":"https://ror.org/00yh3cz06","country_code":"US","type":"education","lineage":["https://openalex.org/I191429286"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Cihan Varol","raw_affiliation_strings":["Sam Houston State University,Department of Computer Science,Huntsville,TX"],"affiliations":[{"raw_affiliation_string":"Sam Houston State University,Department of Computer Science,Huntsville,TX","institution_ids":["https://openalex.org/I191429286"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5111267535"],"corresponding_institution_ids":["https://openalex.org/I191429286"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.18086884,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection 
Techniques","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9785000085830688,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9319000244140625,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8179519176483154},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6823476552963257},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5814850330352783},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.47855931520462036},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer 
security","score":0.4243961572647095},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.41384702920913696},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.14763784408569336}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8179519176483154},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6823476552963257},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5814850330352783},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.47855931520462036},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4243961572647095},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.41384702920913696},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.14763784408569336}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/isdfs65363.2025.11012083","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isdfs65363.2025.11012083","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 13th International Symposium on Digital Forensics and Security 
(ISDFS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W2768892939","https://openalex.org/W3164408430","https://openalex.org/W4285507391","https://openalex.org/W3107556205","https://openalex.org/W2610659201","https://openalex.org/W2067547021","https://openalex.org/W2805262980","https://openalex.org/W4234891089"],"abstract_inverted_index":{"Packed":[0],"binaries":[1,28,73,101],"pose":[2],"a":[3,143,153,171],"significant":[4],"challenge":[5],"to":[6,97,155],"malware":[7,54,89],"detection,":[8,139],"evading":[9],"static":[10,62,124,161],"analysis":[11,63,125,162],"through":[12,165],"compression,":[13],"encryption,":[14],"and":[15,80,109,115,126,157],"obfuscation":[16],"techniques.":[17],"While":[18,168],"most":[19],"research":[20],"focuses":[21],"on":[22,61],"packed":[23,53,74,88,91,102,148,176],"Windows":[24],"PE":[25],"files,":[26],"ELF":[27,72],"remain":[29],"relatively":[30],"unexplored":[31],"despite":[32],"their":[33],"increasing":[34],"presence":[35],"in":[36,51,146,198],"Linux-targeting":[37],"malware.":[38],"This":[39,150],"study":[40,151],"presents":[41],"key":[42],"insights":[43],"into":[44],"the":[45,69,121,127,202],"effectiveness":[46],"of":[47,123,196,204],"machine":[48],"learning":[49],"models":[50,95],"distinguishing":[52,199],"from":[55],"benign":[56,92],"binaries.":[57,93,149],"Detection":[58],"accuracy":[59],"based":[60],"features":[64],"is":[65],"significantly":[66],"influenced":[67],"by":[68],"packer":[70,140],"implementation.":[71],"with":[75,103,189],"open-source":[76],"packers":[77,105,159],"like":[78],"UPX":[79],"elf-packer":[81],"can":[82],"be":[83],"accurately":[84],"classified":[85],"as":[86,107],"either":[87],"or":[90],"However,":[94],"struggle
":[96],"generalize":[98],"detection":[99],"for":[100,129,174],"advanced":[104],"such":[106],"Elfpack":[108],"Kiteshield,":[110],"which":[111],"employ":[112],"multi-layer":[113],"encryption":[114],"runtime":[116],"unpacking.":[117],"These":[118],"findings":[119],"highlight":[120],"limitations":[122],"need":[128],"hybrid":[130],"approaches":[131],"that":[132],"incorporate":[133],"dynamic":[134],"analysis.":[135,206],"Beyond":[136],"mal":[137],"ware":[138],"identification":[141],"plays":[142],"crucial":[144],"role":[145],"understanding":[147],"introduces":[152],"methodology":[154],"detect":[156],"classify":[158],"using":[160],"extracted":[164],"reverse":[166],"engineering.":[167],"entropy":[169],"remains":[170],"common":[172],"metric":[173],"identifying":[175],"binaries,":[177],"it":[178],"proves":[179],"insufficient":[180],"against":[181],"low-entropy":[182],"packers.":[183],"Feature":[184],"engineering":[185],"enhances":[186],"classification":[187],"performance,":[188],"Random":[190],"Forest":[191],"achieving":[192],"an":[193],"F1":[194],"score":[195],"0.959":[197],"packers,":[200],"reinforcing":[201],"importance":[203],"packer-aware":[205]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}
