Optimization through Automation of Malware Update Process, Capable of Evading Anti-Malware Systems
Authors
Abstract
Implementation and maintenance of malware protection measures imply high resource usage. Such is the case of Information Security Management Systems (ISMS), whose suggested structure is described by ISO Standard 27.001:2013. In this standard, work with malware is contemplated for penetration testing (pentesting) purposes, allowing the evaluation of how computer systems respond to this kind of event. The present document approaches one of the existing malware usage methods for this purpose: encrypted malware obfuscation through dead code insertion. This method is evaluated in terms of monetary cost and required time, through simulation, and those metrics are then compared against an automated model, tested through a prototype software. The optimization of this process through the proposed automation yielded a significant reduction of the monetary cost and time needed.
Similar sources
Eliminate Evading Analysis Tricks in Malware using Dynamic Slicing
In order to stay alive for a long time, modern malware often makes anti-emulation checks after launch to evade dynamic analysis. Malware authors gain fingerprint information of the target environment through several APIs to detect whether their creations are running in a monitored state or not. If an emulated analysis environment is detected, the malware will change its running to avoid malicious behavio...
Stealth attacks: An extended insight into the obfuscation effects on Android malware
In order to effectively evade anti-malware solutions, Android malware authors are progressively resorting to automatic obfuscation strategies. Recent works have shown, on small-scale experiments, the possibility of evading anti-malware engines by applying simple obfuscation transformations on previously detected malware samples. In this paper, we provide a large-scale experiment in which the de...
Evading Machine Learning Malware Detection
Machine learning is a popular approach to signatureless malware detection because it can generalize to never-before-seen malware families and polymorphic strains. This has resulted in its practical use for either primary detection engines or supplementary heuristic detections by anti-malware vendors. Recent work in adversarial machine learning has shown that models are susceptible to gradient-ba...
Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables
Machine-learning methods have already been exploited as useful tools for detecting malicious executable files. They leverage data retrieved from malware samples, such as header fields, instruction sequences, or even raw bytes, to learn models that discriminate between benign and malicious software. However, it has also been shown that machine learning and deep neural networks can be fooled by e...
Annotated Control Flow Graph for Metamorphic Malware Detection
Metamorphism is a technique that mutates the binary code using different obfuscations and never keeps the same sequence of opcodes in the memory. This stealth technique provides the capability to a malware for evading detection by simple signature-based (such as instruction sequences, byte sequences and string signatures) anti-malware programs. In this paper, we present a new scheme named Annot...
Journal title:
- Research in Computing Science
Volume 127, Issue
Pages: -
Publication date: 2016