Conference paper Open Access

Malware vs Anti-Malware Battle - Gotta Evade 'em All!

Chaffey, E.; Sgandurra, D.


JSON Export

{
  "files": [
    {
      "links": {
        "self": "https://zenodo.org/api/files/d2744788-bd02-46f8-acc1-82df69218fd9/47-Gotta_Evade_Em_All.pdf"
      }, 
      "checksum": "md5:96b0b57f656de33bfefb61e3327b7d3a", 
      "bucket": "d2744788-bd02-46f8-acc1-82df69218fd9", 
      "key": "47-Gotta_Evade_Em_All.pdf", 
      "type": "pdf", 
      "size": 11347646
    }
  ], 
  "owners": [
    41483
  ], 
  "doi": "10.5281/zenodo.4277105", 
  "stats": {
    "version_unique_downloads": 96.0, 
    "unique_views": 68.0, 
    "views": 70.0, 
    "version_views": 70.0, 
    "unique_downloads": 96.0, 
    "version_unique_views": 68.0, 
    "volume": 1134764600.0, 
    "version_downloads": 100.0, 
    "downloads": 100.0, 
    "version_volume": 1134764600.0
  }, 
  "links": {
    "doi": "https://doi.org/10.5281/zenodo.4277105", 
    "conceptdoi": "https://doi.org/10.5281/zenodo.4277104", 
    "bucket": "https://zenodo.org/api/files/d2744788-bd02-46f8-acc1-82df69218fd9", 
    "conceptbadge": "https://zenodo.org/badge/doi/10.5281/zenodo.4277104.svg", 
    "html": "https://zenodo.org/record/4277105", 
    "latest_html": "https://zenodo.org/record/4277105", 
    "badge": "https://zenodo.org/badge/doi/10.5281/zenodo.4277105.svg", 
    "latest": "https://zenodo.org/api/records/4277105"
  }, 
  "conceptdoi": "10.5281/zenodo.4277104", 
  "created": "2020-11-17T09:33:00.481675+00:00", 
  "updated": "2020-11-18T12:27:07.499313+00:00", 
  "conceptrecid": "4277104", 
  "revision": 2, 
  "id": 4277105, 
  "metadata": {
    "access_right_category": "success", 
    "doi": "10.5281/zenodo.4277105", 
    "description": "<p>The landscape of malware development is ever-changing, creating a constant catch-up contest between the defenders and the adversaries. One of the methodologies that has the potential to pose a significant threat to systems is malware evasion. This is where malware tries to determine whether it is run in a controlled environment, such as a sandbox. Similarly, a malware can also learn how an Anti-Malware System (AMS) decides whether an input program is a malware or in fact benign with the goal of bypassing it. On the other hand, the AMS tries to detect whether a malware sample is performing such evasive checks, e.g. by evaluating the results of Reverse-Turing Test (RTT). This learning process can be viewed as a &lsquo;battle&rsquo; between the AMS and the malware, due to the malware attempting to defeat the AMS, where a successful win for the malware would be to evade detection by the AMS and, conversely, a win for the AMS would be to correctly detect the malware and its evasive actions. We propose a visualisation-based system, called Gotta Evade &lsquo;em All, that allows cyber-security analysts to clearly see the evasive and anti-evasive actions performed by the malware and the AMS during the battle.</p>", 
    "language": "eng", 
    "title": "Malware vs Anti-Malware Battle - Gotta Evade 'em All!", 
    "license": {
      "id": "CC-BY-4.0"
    }, 
    "relations": {
      "version": [
        {
          "count": 1, 
          "index": 0, 
          "parent": {
            "pid_type": "recid", 
            "pid_value": "4277104"
          }, 
          "is_last": true, 
          "last_child": {
            "pid_type": "recid", 
            "pid_value": "4277105"
          }
        }
      ]
    }, 
    "grants": [
      {
        "code": "779391", 
        "links": {
          "self": "https://zenodo.org/api/grants/10.13039/501100000780::779391"
        }, 
        "title": "Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module", 
        "acronym": "FutureTPM", 
        "program": "H2020", 
        "funder": {
          "doi": "10.13039/501100000780", 
          "acronyms": [], 
          "name": "European Commission", 
          "links": {
            "self": "https://zenodo.org/api/funders/10.13039/501100000780"
          }
        }
      }
    ], 
    "communities": [
      {
        "id": "futuretpm-h2020"
      }
    ], 
    "publication_date": "2020-08-29", 
    "creators": [
      {
        "affiliation": "University of London", 
        "name": "Chaffey, E."
      }, 
      {
        "affiliation": "University of London", 
        "name": "Sgandurra, D."
      }
    ], 
    "meeting": {
      "dates": "28th October 2020", 
      "title": "IEEE Symposium on Visualization for Cyber Security"
    }, 
    "access_right": "open", 
    "resource_type": {
      "subtype": "conferencepaper", 
      "type": "publication", 
      "title": "Conference paper"
    }, 
    "related_identifiers": [
      {
        "scheme": "doi", 
        "identifier": "10.5281/zenodo.4277104", 
        "relation": "isVersionOf"
      }
    ]
  }
}