Skip to content
/ packhero Public

Implementation of the paper: "PackHero: A Scalable Graph-based Approach for Efficient Packer Identification"

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

necst/packhero

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
graph_clustering
graph_clustering
 
 
graph_extraction
graph_extraction
 
 
graph_similarity
graph_similarity
 
 
paper_evaluation
paper_evaluation
 
 
tool_dependencies
tool_dependencies
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
environment.yml
environment.yml
 
 
extract_dissmat.py
extract_dissmat.py
 
 
extract_similaritymatrices.py
extract_similaritymatrices.py
 
 
packhero.py
packhero.py
 
 
packhero.sh
packhero.sh
 
 
packhero_paper.pdf
packhero_paper.pdf
 
 
test_tool_extract_all.py
test_tool_extract_all.py
 
 
test_tool_extract_clustering.py
test_tool_extract_clustering.py
 
 
test_tool_extract_identification.py
test_tool_extract_identification.py
 
 
test_tool_extract_similarities.py
test_tool_extract_similarities.py
 
 
test_tool_extract_similarities_integration.py
test_tool_extract_similarities_integration.py
 
 

Repository files navigation

PackHero: A Scalable Graph-based Approach for Efficient Packer Identification

This repo contains the code used to implement PackHero and perform all the experiments useful for our research around this novel approach.

The idea behind PackHero is to use graphs to represent packed PEs and search for similarities among a set of well-analyzed graphs of packed PEs labeled with the known Packer. Through these similarities, the Packer that has packed the input PE is then identified.

Install Environment

The tool execution and the experiment replication need Anaconda. Once you have Anaconda installed, import the conda environment:

conda env create -f environment.yml

To run PackHero and experiments, in particular for the graph extraction part, you need to have installed radare2.

Use PackHero

To use PackHero you have to run packhero.sh, make it executable and run it with the following settings:

./packhero.sh --file|--dir --mean|--majority|--clustering <filepath|directorypath> [--discard]

Flags

  • --file - Use this flag when specifying a single file for analysis.
  • --dir - Use this flag when specifying a directory, to analyze all files within that directory.
  • <filepath|directorypath> - Specify the path to the file or directory you want to analyze. The file(s) can be both PEs and already extracted graphs saved in graphml format.
  • --mean (optional) - Run the tool in 'mean' mode. Use this flag to process the data using the mean method.
  • --majority (optional) - Run the tool in 'majority' mode. Use this flag to process the data using the majority method.
  • --clustering (optional) - Run the tool in 'clustering' mode. Use this flag to process the data using the clustering method.
  • --discard (optional) - Use this flag to discard dirty graphs.

About

Implementation of the paper: "PackHero: A Scalable Graph-based Approach for Efficient Packer Identification"

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages