Packer classification based on association rule mining

Detecting packer programs is a key step in the defense against malicious programs and plays a key role in cyber security defenses. One challenge with packer classification is that many features have been used and their individual significance is unknown. An effective approach for building classifiers without requiring prior knowledge of feature significance is to use associative classification (AC) algorithms, which combine association rules and classification. This work considers many different AC algorithms for the challenge of packer detection. Novel variations of many of these algorithms are also developed to address challenges related to having many features of varying types. The effectiveness of the classifiers produced by these algorithms is evaluated, including over time as packers and malware evolve. (C) 2022 Elsevier B.V. All rights reserved. (AU)