Conference paper Open Access
Malware vs Anti-Malware Battle - Gotta Evade 'em All!
Chaffey, E.; Sgandurra, D.
The landscape of malware development is ever-changing, creating a constant catch-up contest between the defenders and the adversaries. One of the methodologies that has the potential to pose a significant threat to systems is malware evasion. This is where malware tries to determine whether it is run in a controlled environment, such as a sandbox. Similarly, a malware can also learn how an Anti-Malware System (AMS) decides whether an input program is a malware or in fact benign with the goal of bypassing it. On the other hand, the AMS tries to detect whether a malware sample is performing such evasive checks, e.g. by evaluating the results of Reverse-Turing Test (RTT). This learning process can be viewed as a ‘battle’ between the AMS and the malware, due to the malware attempting to defeat the AMS, where a successful win for the malware would be to evade detection by the AMS and, conversely, a win for the AMS would be to correctly detect the malware and its evasive actions. We propose a visualisation-based system, called Gotta Evade ‘em All, that allows cyber-security analysts to clearly see the evasive and anti-evasive actions performed by the malware and the AMS during the battle.
| Name | Size | |
|---|---|---|
|
47-Gotta_Evade_Em_All.pdf
md5:96b0b57f656de33bfefb61e3327b7d3a |
11.3 MB | Download |
| All versions | This version | |
|---|---|---|
| Views | 87 | 87 |
| Downloads | 150 | 150 |
| Data volume | 1.7 GB | 1.7 GB |
| Unique views | 84 | 84 |
| Unique downloads | 143 | 143 |
- Publication date:
- August 29, 2020
- DOI:
-
- Grants:
-
European Commission:
- FutureTPM - Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module (779391)
- Meeting:
- IEEE Symposium on Visualization for Cyber Security, 28th October 2020
- Communities:
- License (for files):
- Creative Commons Attribution 4.0 International