Semantic Validation of Packer Identification Tools: Characterization, Repair, and Downstream Impact
Pith reviewed 2026-06-29 21:24 UTC · model grok-4.3
The pith
Unpackers serve as automatic oracles to validate and repair packer identification tools, improving coverage by up to 58.6% and malware classification by over 13.6%.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
Packer identification tools can be tested for semantic correctness by using the corresponding unpacker as an executable contract: a correct prediction should enable the unpacker to produce analyzable content. This oracle allows systematic detection, localization, and repair of semantic faults without ground truth. Empirical evaluation on multiple tools shows that such faults are common, and fixing them yields large gains in identification coverage and in the performance of malware classifiers that depend on accurate packer labels.
What carries the argument
The unpacker serving as an executable semantic contract, which automatically verifies if a packer prediction is correct by attempting to unpack the sample.
Load-bearing premise
Unpackers reliably succeed only on correctly identified packers and fail otherwise, providing a trustworthy test oracle.
What would settle it
Finding even one case where a wrong packer prediction allows successful unpacking by its unpacker, or a correct prediction fails to unpack.
Figures
read the original abstract
Packer identification tools are a critical foundation of malware analysis, directly affecting unpacking, behavioral analysis, malware classification, and threat attribution. However, their semantic correctness is rarely validated. In practice, a tool may return a plausible packer label that is nevertheless semantically wrong, leading to failed unpacking and unreliable downstream analysis. This paper presents a semantic validation framework for testing and repairing packer identification tools. Our key idea is to use unpackers as executable semantic contracts. If a tool predicts a packer family, the corresponding unpacker should recover analyzable program content. This enables automatic test oracles without requiring manually labeled ground truth. Building on this idea, we develop a systematic pipeline for detecting, localizing, and repairing semantic faults in existing packer identification tools. We then conduct the first large-scale empirical study of semantic bugs in eleven open-source packer identification tools and six proprietary VirusTotal tools. Our results reveal that semantic bugs are widespread and recurring, largely due to incomplete signatures and unstable heuristic logic. After repair, packer identification coverage improves by up to 58.6%, and downstream malware classification performance improves by more than 13.6% on average. These findings show that semantic validation of packer identification tools is essential for building trustworthy malware analysis pipelines.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper claims that packer identification tools contain widespread semantic bugs (due to incomplete signatures and unstable heuristics) that can be automatically detected, localized, and repaired by treating unpackers as executable semantic contracts: a predicted packer family is deemed correct iff the matching unpacker recovers analyzable content. This oracle enables validation without manual ground truth. The authors apply the resulting pipeline to 11 open-source tools and 6 VirusTotal tools, report that semantic bugs are common, and claim that post-repair coverage improves by up to 58.6 % while downstream malware classification improves by more than 13.6 % on average.
Significance. If the unpacker-oracle assumption holds, the work would be significant: it supplies the first large-scale, automatic method for semantic (rather than syntactic) validation of packer detectors and demonstrates measurable downstream gains in a critical malware-analysis pipeline. The scale of the study across both open-source and proprietary tools is a clear strength. However, the central results rest on an unvalidated oracle whose reliability is not demonstrated in the manuscript.
major comments (2)
- [Abstract; Semantic Validation Framework section] The central claim that unpackers constitute reliable semantic oracles (a packer prediction is correct iff the corresponding unpacker succeeds) is load-bearing for every reported bug count, repair, and performance gain. No experiment is described that tests whether unpackers can succeed on an incorrect packer label or fail on a correct one, nor is there evidence that every packer family possesses a faithful unpacker. This assumption is stated in the abstract and developed in the semantic-validation framework section but is never empirically checked.
- [Empirical study / Results section (where the 58.6 % and 13.6 % figures appear)] The reported quantitative gains (58.6 % coverage improvement, >13.6 % downstream classification improvement) are presented without any description of sample selection criteria, number of binaries, error-bar computation, or controls for unpacker failure modes. Because the oracle itself is unvalidated, these numbers cannot be interpreted as evidence of improved semantic correctness rather than simply more samples being passed to the unpacker.
minor comments (2)
- [Framework section] Notation for packer families, unpacker success criteria, and “analyzable content” is introduced without a consolidated table or formal definition, making it difficult to replicate the oracle predicate.
- [Limitations / Discussion] The manuscript does not discuss how the approach handles packers that have no corresponding unpacker or unpackers that are themselves buggy; this edge case should be stated explicitly.
Simulated Author's Rebuttal
We thank the referee for the constructive feedback. The two major comments identify important gaps in the presentation and validation of the oracle assumption. We address each below and commit to revisions that strengthen the manuscript without altering its core claims.
read point-by-point responses
-
Referee: [Abstract; Semantic Validation Framework section] The central claim that unpackers constitute reliable semantic oracles (a packer prediction is correct iff the corresponding unpacker succeeds) is load-bearing for every reported bug count, repair, and performance gain. No experiment is described that tests whether unpackers can succeed on an incorrect packer label or fail on a correct one, nor is there evidence that every packer family possesses a faithful unpacker. This assumption is stated in the abstract and developed in the semantic-validation framework section but is never empirically checked.
Authors: We agree that the manuscript presents the unpacker-oracle as a definitional contract without a dedicated ground-truth experiment that would measure false-positive or false-negative rates of the oracle itself. The framework section motivates the approach via the executable-contract property and the empirical study reports downstream effects, but no separate validation set with manually confirmed packer labels is used to quantify oracle error. In revision we will add a new subsection that (a) enumerates known unpacker failure modes, (b) reports results on a small manually inspected subset of samples where packer labels were cross-checked against multiple sources, and (c) discusses the practical difficulty of obtaining comprehensive ground truth. These additions will make the assumption's scope explicit while preserving the original large-scale results. revision: partial
-
Referee: [Empirical study / Results section (where the 58.6 % and 13.6 % figures appear)] The reported quantitative gains (58.6 % coverage improvement, >13.6 % downstream classification improvement) are presented without any description of sample selection criteria, number of binaries, error-bar computation, or controls for unpacker failure modes. Because the oracle itself is unvalidated, these numbers cannot be interpreted as evidence of improved semantic correctness rather than simply more samples being passed to the unpacker.
Authors: The Empirical Study section does specify the corpus (binaries collected from public malware repositories and VirusTotal submissions, filtered for diversity across known packer families and file types) and states the total number of samples processed. However, the referee is correct that explicit sample-selection criteria, per-family counts, error-bar computation, and explicit controls for unpacker failures independent of the predicted label are not detailed. We will expand the section to include these elements: a table of sample counts per packer family, standard deviations across repeated runs, and an analysis of unpacker failure cases that occur even when the label is held constant. The reported gains remain relative improvements measured on identical input sets before and after repair; the added controls will clarify that the measured lift is not merely an artifact of feeding more samples to unpackers. revision: yes
Circularity Check
No significant circularity; empirical measurements are independent of inputs
full rationale
The paper's central results consist of measured improvements in packer identification coverage (up to 58.6%) and downstream classification accuracy (more than 13.6%) obtained by applying a repair pipeline to eleven open-source and six VirusTotal tools. These quantities are obtained from direct experimental runs on malware samples and are not derived from any equations, fitted parameters, or self-citations that reduce the reported gains to quantities defined by the same inputs. The use of unpackers as oracles is an explicit methodological assumption rather than a self-definitional loop, and no load-bearing step in the provided text collapses a prediction or uniqueness claim back onto the paper's own fitted values or prior self-citations.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption Unpackers can serve as executable semantic contracts that automatically validate packer predictions without manually labeled ground truth.
Reference graph
Works this paper leans on
-
[1]
The Americas
Francis Adkins, Luke Jones, Martin Carlisle, and Jason Upchurch. 2013. Heuristic malware detection via basic block comparison. In2013 8th International Conference on Malicious and Unwanted Software:" The Americas"(MALW ARE). IEEE, 11–18
2013
-
[2]
Saadaldeen Rashid Ahmed, Salah J Mohamed, Mohammed S Aljanabi, Sameer Al- gburi, Duaa A Majeed, Neesrin Ali Kurdi, Mohammed Al-Sarem, and Jamal Fadhil Tawfeq. 2024. A Novel Approach to Malware Detection using Machine Learn- ing and Image Processing. InProceedings of the Cognitive Models and Artificial Intelligence Conference. 298–302
2024
-
[3]
aldeid. 2018. Category: Digital-Forensics/Computer-Forensics/Anti-Reverse- Engineering/Packers/WinUpack. https://www.aldeid.com/wiki/Category:Digital- Forensics/Computer-Forensics/Anti-Reverse-Engineering/Packers/WinUpack. Last edited March 7, 2018. Accessed March 26, 2026
2018
-
[4]
ASPack Software. 2020. ASPack Downloads. http://www.aspack.com/downloads. html. Accessed: 2026-03-22
2020
-
[5]
attilamester. 2025. UniPacker: Automatic and Platform-Independent Unpacker for Windows Binaries Based on Emulation. https://github.com/unipacker/unipacker. GitHub repository, accessed Mar. 24, 2026
2025
-
[6]
Munkhbayar Bat-Erdene, Hyundo Park, Hongzhe Li, Heejo Lee, and Mahn-Soo Choi. 2017. Entropy analysis to classify unknown packing algorithms for malware detection.International Journal of Information Security16, 3 (2017), 227–248
2017
-
[7]
Ikram Ben Abdel Ouahab, Mohammed Bouhorma, Anouar Abdelhakim Boudhir, and Lotfi El Aachak. 2020. Classification of Grayscale Malware Images Using the K-Nearest Neighbor Algorithm. InInnovations in Smart Cities Applications Edition 3, Mohamed Ben Ahmed, Anouar Abdelhakim Boudhir, Domingos San- tos, Mohamed El Aroussi, and İsmail Rakıp Karas (Eds.). Springe...
2020
-
[8]
Vivek Bhardwaj, Vinay Kukreja, Chetan Sharma, Isha Kansal, and Renu Popali
-
[9]
In2021 international conference on advances in computing, communication, and control (ICAC3)
Reverse engineering-a method for analyzing malicious code behavior. In2021 international conference on advances in computing, communication, and control (ICAC3). IEEE, 1–5
-
[10]
Fabrizio Biondi, Michael A Enescu, Thomas Given-Wilson, Axel Legay, Lamine Noureddine, and Vivek Verma. 2019. Effective, efficient, and robust packing detection and classification.Computers & Security85 (2019), 436–451
2019
-
[11]
Alexandre Borges. 2026. Manalyze: A static analyzer for PE executables. https: //github.com/JusticeRage/Manalyze. GitHub repository, accessed March 14, 2026
2026
-
[12]
cg10036. [n. d.]. Themida Unpacker for .NET. https://github.com/cg10036/ Themida-Unpacker-for-.NET. GitHub repository, accessed Mar. 25, 2026
2026
-
[13]
Jinrong Chen. 2020. A malware classification method based on basic block and CNN. InNeural Information Processing: 27th International Conference, ICONIP 2020, Bangkok, Thailand, November 18–22, 2020, Proceedings, Part IV 27. Springer, 275–283
2020
-
[14]
Jeremy Collake. 2017. PECompact – Windows (PE) Executable Compressor. https://bitsum.com/portfolio/pecompact/. Accessed: 2026-03-26
2017
-
[15]
crackinglandia. [n. d.]. fuu: A Tool for Unpacking or Analyzing Packed Executa- bles. https://github.com/crackinglandia/fuu. GitHub repository, accessed Mar. 25, 2026
2026
-
[16]
Zhihua Cui, Fei Xue, Xingjuan Cai, Yang Cao, Gai-ge Wang, and Jinjun Chen. 2018. Detection of Malicious Code Variants Based on Deep Learning.IEEE Transactions on Industrial Informatics14, 7 (2018), 3187–3196. doi:10.1109/TII.2018.2822680
-
[17]
CYB3RMX. 2026. Qu1cksc0pe. https://github.com/CYB3RMX/Qu1cksc0pe. GitHub repository. Accessed: 2026-03-14
2026
-
[18]
Gordon Darroch. 2026. How it works.VirusTotal(2026). https://docs.virustotal. com/docs/how-it-works
2026
-
[19]
Un4seen Developments. [n. d.]. Win32 Executable Compressor. https://www. un4seen.com/petite/. Accessed: 2026-03-26
2026
-
[20]
Marco Di Gennaro, Mario D’Onghia, Mario Polino, Stefano Zanero, and Michele Carminati. 2025. PackHero: A Scalable Graph-based Approach for Efficient Packer Identification. InInternational Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 253–274
2025
-
[21]
Evan Downing, Yisroel Mirsky, Kyuhong Park, and Wenke Lee. 2021. {DeepReflect}: Discovering malicious functionality through binary reconstruc- tion. In30th USENIX security symposium (USENIX Security 21). 3469–3486
2021
-
[22]
Exeinfo ASL. 2026. ASL. https://github.com/ExeinfoASL/ASL/tree/master. GitHub repository. Accessed: 2026-03-14
2026
-
[23]
extremecoders-re. [n. d.]. PyInstaller Extractor. https://github.com/ extremecoders-re/pyinstxtractor. GitHub repository, accessed Mar. 24, 2026
2026
-
[24]
fatrolls. [n. d.]. Quick-Unpack: A Fast Tool for Unpacking Executables. https: //github.com/fatrolls/Quick-Unpack. GitHub repository, accessed Mar. 25, 2026
2026
-
[25]
and Koh M
FFRI Security, Inc. and Koh M. Nakagawa. [n. d.]. pypeid: Yet another imple- mentation of PEiD with yara-python. https://github.com/FFRI/pypeid. GitHub repository, accessed March 14, 2026
2026
-
[26]
Fraunhofer FKIE. [n. d.]. Malpedia is a free service offered by Fraunhofer FKIE. https://malpedia.caad.fkie.fraunhofer.de/. Accessed: 2026-03-26
2026
-
[27]
Nguyen Minh Hai, Mizuhito Ogawa, and Quan Thanh Tho. 2017. Packer identifi- cation based on metadata signature. InProceedings of the 7th software security, protection, and reverse engineering/software security and protection workshop. 1– 11
2017
-
[28]
Seungwon Han, Keungi Lee, and Sangjin Lee. 2009. Packed PE file detection for malware forensics. In2009 2nd International Conference on Computer Science and Its Applications, CSA 2009. 5404211
2009
-
[29]
hasherezade. [n. d.]. mal_unpack: Dynamic Unpacker Based on PE-sieve. https: //github.com/hasherezade/mal_unpack. GitHub repository, accessed Mar. 25, 2026
2026
-
[30]
horsicq. 2026. Detect It Easy (DiE). https://github.com/horsicq/Detect-It-Easy. GitHub repository. Accessed: Feb. 21, 2026
2026
-
[31]
Ice3man543. [n. d.]. MalScan. https://github.com/Ice3man543/MalScan. GitHub repository, accessed March 18, 2026
2026
-
[32]
Kesav Kancherla, John Donahue, and Srinivas Mukkamala. 2016. Packer iden- tification using Byte plot and Markov plot.Journal of Computer Virology and Hacking Techniques12, 2 (2016), 101–111
2016
-
[33]
Kanxue. [n. d.]. Kanxue Tool. https://tool.kanxue.com/. Accessed Mar. 24, 2026
2026
-
[34]
Jiliang Li, Yifan Zhang, Yu Huang, and Kevin Leach. 2025. Malmixer: Few-shot malware classification with retrieval-augmented semi-supervised learning. In 2025 IEEE 10th European Symposium on Security and Privacy (EuroS&P). IEEE, 268–288
2025
-
[35]
Xingwei Li, Zheng Shan, Fudong Liu, Yihang Chen, and Yifan Hou. 2019. A consistently-executing graph-based approach for malware packer identification. IEEE Access7 (2019), 51620–51629
2019
-
[36]
Yajun Liu, Hong Fan, Jianguang Zhao, Jianfang Zhang, and Xinxin Yin. 2024. Efficient and generalized image-based CNN algorithm for multi-class malware detection.IEEE Access(2024)
2024
-
[37]
Ya-shu Liu, Yu-Kun Lai, Zhi-Hai Wang, and Han-Bing Yan. 2019. A new learning approach to malware classification using discriminative feature extraction.IEEE Access7 (2019), 13015–13023
2019
-
[38]
Robert Lyda and James Hamrock. 2007. Using entropy analysis to find encrypted and packed malware.IEEE security & privacy5, 2 (2007), 40–45
2007
-
[39]
Nahid Maleki, Mehdi Bateni, and Hamid Rastegari. 2019. An improved method for packed malware detection using PE header and section table information. International Journal of Computer Network and Information Security9, 9 (2019), 9
2019
-
[40]
mentebinaria. 2026. ReadPE: Portable Executable File Reader. https://github.com/ mentebinaria/readpe. GitHub repository. Accessed: Feb. 21, 2026
2026
-
[41]
L. Nataraj, S. Karthikeyan, G. Jacob, and B. S. Manjunath. 2011. Malware images: visualization and automatic classification. InProceedings of the 8th International Symposium on Visualization for Cyber Security (VizSec ’11). As- sociation for Computing Machinery, New York, NY, USA, Article 4, 7 pages. doi:10.1145/2016904.2016908
-
[42]
Oberhumer, László Molnár, and John F
Markus F.X.J. Oberhumer, László Molnár, and John F. Reiser. [n. d.]. the Ultimate Packer for eXecutables. https://upx.github.io/. Accessed: 2024-12-30
2024
-
[43]
orcastor. [n. d.]. unpack: An Unpacking Tool for PE Binaries. https://github.com/ orcastor/unpack. GitHub repository, accessed Mar. 24, 2026
2026
-
[44]
Oreans Technologies. [n. d.]. Themida Protector. https://www.oreans.com/ Themida.php. Accessed: 2026-03-22
2026
-
[45]
Kevin O’Reilly and CAPEv2 contributors. 2026. CAPEv2: Malware Configura- tion and Payload Extraction. https://github.com/kevoreilly/CAPEv2. GitHub repository, accessed May 25, 2026
2026
-
[46]
packing-box. [n. d.]. pypackerdetect: Packing detection tool for PE files. https:// github.com/packing-box/pypackerdetect?tab=readme-ov-file. GitHub repository, accessed March 14, 2026
2026
-
[47]
packing-box. 2026. Awesome Executable Packing. https://github.com/packing- box/awesome-executable-packing GitHub repository, accessed Mar. 24, 2026
2026
-
[48]
packing-box. 2026. PEiD: Portable Executable Identifier. https://github.com/ packing-box/peid. GitHub repository. Accessed: Feb. 21, 2026
2026
-
[49]
Marco Pontello. [n. d.]. TrID - File Identifier. https://mark0.net/soft-trid-e.html. Accessed: 2026-03-14
2026
-
[50]
PyInstaller Development Team. [n. d.]. PyInstaller Manual. https://pyinstaller. org/en/stable/. Version 6.19.0, accessed: 2026-03-22
2026
-
[51]
Yitong Ren, Yanjun Xiao, Yinghai Zhou, Zhiyong Zhang, and Zhihong Tian. 2022. CSKG4APT: A cybersecurity knowledge graph for advanced persistent threat organization attribution.IEEE Transactions on Knowledge and Data Engineering 35, 6 (2022), 5695–5709
2022
-
[52]
Moustafa Saleh, E Paul Ratazzi, and Shouhuai Xu. 2017. A control flow graph- based signature for packer identification. InMILCOM 2017-2017 IEEE Military Communications Conference (MILCOM). IEEE, 683–688
2017
-
[53]
Joshua Saxe and Konstantin Berlin. 2015. Deep neural network based malware detection using two dimensional binary program features. In2015 10th Inter- national Conference on Malicious and Unwanted Software (MALW ARE). 11–20. doi:10.1109/MALWARE.2015.7413680
-
[54]
SecurityXploded. [n. d.]. PESpin Plugin for ImpREC. https://securityxploded. com/pespinplugin.php. Accessed: 2026-03-26
2026
-
[55]
Softpedia. 2004. MEW - Download - Softpedia. https://www.softpedia.com/get/ Programming/Packers-Crypters-Protectors/MEW-SE.shtml. Accessed: 2026-03- 22. IEEE, 2026, Trovato et al
2004
-
[56]
MATCODE Software. [n. d.]. MPRESS is a free, high-performance executable packer for PE32/PE32+/.NET/MAC-DARWIN executable formats! https://www. autohotkey.com/mpress/mpress_web.htm. Accessed: 2026-03-26
2026
-
[57]
Jon Stephens, Babak Yadegari, Christian Collberg, Saumya Debray, and Carlos Scheidegger. 2018. Probabilistic obfuscation through covert channels. In2018 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 243–257
2018
-
[58]
Alexey Sudachén. [n. d.]. Molebox Virtualization. https://sudachen.github.io/ Molebox/. Official website, accessed: 2026-03-22
2026
-
[59]
Li Sun, Steven Versteeg, Serdar Boztaş, and Trevor Yann. 2010. Pattern recognition techniques for the classification of malware packers. InAustralasian Conference on Information Security and Privacy. Springer, 370–390
2010
-
[60]
Threat Intelligence Team. 2025. Revisiting the NSIS-based crypter . https:// www.threatdown.com/blog/revisiting-the-nsis-based-crypter/. Accessed: July 17, 2025
2025
-
[61]
Top4Download.com. [n. d.]. PEiD screenshot. https://www.top4download.com/ peid-tab/screenshot-gaqrbxek.html. Accessed: 2026-03-18
2026
-
[62]
Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos, and Pablo G Bringas
-
[63]
In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Rambo: Run-time packer analysis with multiple branch observation. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 186–206
-
[64]
Susana M Vieira, Uzay Kaymak, and João MC Sousa. 2010. Cohen’s kappa coeffi- cient as a performance measure for feature selection. InInternational conference on fuzzy systems. IEEE, 1–8
2010
-
[65]
VirusShare. [n. d.]. VirusShare: A Repository of Malware Samples. https:// virusshare.com/. Accessed Feb. 7, 2026
2026
-
[66]
wolfram77web. 2026. app-peid. https://github.com/wolfram77web/app-peid. GitHub repository. Accessed: 2026-03-14
2026
-
[67]
Peng Wu, Mohan Gao, Fuhui Sun, Xiaoyan Wang, and Li Pan. 2025. Multi- perspective API call sequence behavior analysis and fusion for malware classifi- cation.Computers & Security148 (2025), 104177
2025
-
[68]
XenocodeRCE. 2017. ConfuserEx-Unpacker: A Dynamic Unpacker for ConfuserEx-Protected Binaries. https://github.com/XenocodeRCE/ConfuserEx- Unpacker. GitHub repository, accessed Mar. 25, 2026
2017
-
[69]
Hiromu Yakura, Shinnosuke Shinozaki, Reon Nishimura, Yoshihiro Oyama, and Jun Sakuma. 2018. Malware analysis of imaged binary samples by convolutional neural network with attention mechanism. InProceedings of the Eighth ACM Conference on Data and Application Security and Privacy. 127–134
2018
-
[70]
yck1509. 2015. ConfuserEx. https://github.com/yck1509/ConfuserEx. GitHub repository, archived Jan. 27, 2019; accessed Mar. 26, 2026
2015
-
[71]
Yt-trium. [n. d.]. PKLITE-1.12-data-unpacker. https://github.com/Yt-trium/ PKLITE-1.12-data-unpacker. GitHub repository, accessed Mar. 24, 2026
2026
-
[72]
Baoguo Yuan, Junfeng Wang, Dong Liu, Wen Guo, Peng Wu, and Xuhua Bao. 2020. Byte-level malware classification based on markov images and deep learning. Computers & Security92 (2020), 101740. doi:10.1016/j.cose.2020.101740
-
[73]
Huan Zhang, Lixin Zhao, Aimin Yu, Lijun Cai, and Dan Meng. 2024. Ranker: Early ransomware detection through kernel-level behavioral analysis.IEEE Transactions on Information Forensics and Security19 (2024), 6113–6127
2024
-
[74]
Jixin Zhang, Kehuan Zhang, Zheng Qin, Hui Yin, and Qixin Wu. 2018. Sensitive system calls based packed malware variants detection using principal component initialized MultiLayers neural networks.Cybersecurity1, 1 (2018), 10
2018
-
[75]
Zilin Zhao, Dawei Zhao, Shumian Yang, and Lijuan Xu. 2023. Image-Based Malware Classification Method with the AlexNet Convolutional Neural Network Model.Security and Communication Networks2023, 1 (2023), 6390023
2023
-
[76]
Tao Zheng, Qiyu Hou, Xingshu Chen, Hao Ren, Meng Li, Hongwei Li, and Changxiang Shen. 2025. Gupacker: Generalized Unpacking Framework for An- droid Malware.IEEE Transactions on Information Forensics and Security(2025)
2025
-
[77]
Fangtian Zhong, Zekai Chen, Minghui Xu, Guoming Zhang, Dongxiao Yu, and Xiuzhen Cheng. 2023. Malware-on-the-Brain: Illuminating Malware Byte Codes With Images for Malware Classification.IEEE Trans. Comput.72, 2 (2023), 438–451. doi:10.1109/TC.2022.3160357
-
[78]
Fangtian Zhong, Qin Hu, Yili Jiang, Jiaqi Huang, and Xiuzhen Cheng. 2025. Un- veiling Malware Visual Patterns: A Self-Analysis Perspective.IEEE Transactions on Information Forensics and Security(2025)
2025
-
[79]
Fangtian Zhong, Qin Hu, Yili Jiang, Jiaqi Huang, Cheng Zhang, and Dinghao Wu. 2024. Enhancing malware classification via self-similarity techniques.IEEE Transactions on Information Forensics and Security(2024)
2024
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.