Conference paper Open Access

# Malware vs Anti-Malware Battle - Gotta Evade 'em All!

Chaffey, E.; Sgandurra, D.

### Citation Style Language JSON Export

{
"publisher": "Zenodo",
"DOI": "10.5281/zenodo.4277105",
"language": "eng",
"title": "Malware vs Anti-Malware Battle - Gotta Evade 'em All!",
"issued": {
"date-parts": [
[
2020,
8,
29
]
]
},
"abstract": "<p>The landscape of malware development is ever-changing, creating a constant catch-up contest between the defenders and the adversaries. One of the methodologies that has the potential to pose a significant threat to systems is malware evasion. This is where malware tries to determine whether it is run in a controlled environment, such as a sandbox. Similarly, a malware can also learn how an Anti-Malware System (AMS) decides whether an input program is a malware or in fact benign with the goal of bypassing it. On the other hand, the AMS tries to detect whether a malware sample is performing such evasive checks, e.g. by evaluating the results of Reverse-Turing Test (RTT). This learning process can be viewed as a &lsquo;battle&rsquo; between the AMS and the malware, due to the malware attempting to defeat the AMS, where a successful win for the malware would be to evade detection by the AMS and, conversely, a win for the AMS would be to correctly detect the malware and its evasive actions. We propose a visualisation-based system, called Gotta Evade &lsquo;em All, that allows cyber-security analysts to clearly see the evasive and anti-evasive actions performed by the malware and the AMS during the battle.</p>",
"author": [
{
"family": "Chaffey, E."
},
{
"family": "Sgandurra, D."
}
],
"id": "4277105",
"type": "paper-conference",
"event": "IEEE Symposium on Visualization for Cyber Security"
}
70
99
views