Conference paper Open Access

Malware vs Anti-Malware Battle - Gotta Evade 'em All!

Chaffey, E.; Sgandurra, D.

DataCite XML Export

<?xml version='1.0' encoding='utf-8'?>
<resource xmlns="http://datacite.org/schema/kernel-4">
<identifier identifierType="DOI">10.5281/zenodo.4277105</identifier>
<creators>
<creator>
<creatorName>Chaffey, E.</creatorName>
<givenName>E.</givenName>
<familyName>Chaffey</familyName>
<affiliation>University of London</affiliation>
</creator>
<creator>
<creatorName>Sgandurra, D.</creatorName>
<givenName>D.</givenName>
<familyName>Sgandurra</familyName>
<affiliation>University of London</affiliation>
</creator>
</creators>
<titles>
<title>Malware vs Anti-Malware Battle - Gotta Evade 'em All!</title>
</titles>
<publisher>Zenodo</publisher>
<publicationYear>2020</publicationYear>
<dates>
<date dateType="Issued">2020-08-29</date>
</dates>
<language>en</language>
<resourceType resourceTypeGeneral="ConferencePaper"/>
<alternateIdentifiers>
<alternateIdentifier alternateIdentifierType="url">https://zenodo.org/record/4277105</alternateIdentifier>
</alternateIdentifiers>
<relatedIdentifiers>
<relatedIdentifier relatedIdentifierType="DOI" relationType="IsVersionOf">10.5281/zenodo.4277104</relatedIdentifier>
<relatedIdentifier relatedIdentifierType="URL" relationType="IsPartOf">https://zenodo.org/communities/futuretpm-h2020</relatedIdentifier>
</relatedIdentifiers>
<rightsList>
<rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
</rightsList>
<descriptions>
<description descriptionType="Abstract">&lt;p&gt;The landscape of malware development is ever-changing, creating a constant catch-up contest between the defenders and the adversaries. One of the methodologies that has the potential to pose a significant threat to systems is malware evasion. This is where malware tries to determine whether it is run in a controlled environment, such as a sandbox. Similarly, a malware can also learn how an Anti-Malware System (AMS) decides whether an input program is a malware or in fact benign with the goal of bypassing it. On the other hand, the AMS tries to detect whether a malware sample is performing such evasive checks, e.g. by evaluating the results of Reverse-Turing Test (RTT). This learning process can be viewed as a &amp;lsquo;battle&amp;rsquo; between the AMS and the malware, due to the malware attempting to defeat the AMS, where a successful win for the malware would be to evade detection by the AMS and, conversely, a win for the AMS would be to correctly detect the malware and its evasive actions. We propose a visualisation-based system, called Gotta Evade &amp;lsquo;em All, that allows cyber-security analysts to clearly see the evasive and anti-evasive actions performed by the malware and the AMS during the battle.&lt;/p&gt;</description>
</descriptions>
<fundingReferences>
<fundingReference>
<funderName>European Commission</funderName>
<funderIdentifier funderIdentifierType="Crossref Funder ID">10.13039/100010661</funderIdentifier>
<awardNumber awardURI="info:eu-repo/grantAgreement/EC/H2020/779391/">779391</awardNumber>
<awardTitle>Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module</awardTitle>
</fundingReference>
</fundingReferences>
</resource>
