Conference paper Open Access
Chaffey, E.; Sgandurra, D.
<?xml version='1.0' encoding='utf-8'?>
<oai_dc:dc xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:oai_dc="http://www.openarchives.org/OAI/2.0/oai_dc/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/oai_dc/ http://www.openarchives.org/OAI/2.0/oai_dc.xsd">
  <dc:creator>Chaffey, E.</dc:creator>
  <dc:creator>Sgandurra, D.</dc:creator>
  <dc:date>2020-08-29</dc:date>
  <dc:description>The landscape of malware development is ever-changing, creating a constant catch-up contest between defenders and adversaries. One methodology with the potential to pose a significant threat to systems is malware evasion, where malware tries to determine whether it is running in a controlled environment, such as a sandbox. Similarly, malware can also learn how an Anti-Malware System (AMS) decides whether an input program is malicious or benign, with the goal of bypassing it. On the other hand, the AMS tries to detect whether a malware sample is performing such evasive checks, e.g. by evaluating the results of a Reverse Turing Test (RTT). This learning process can be viewed as a ‘battle’ between the AMS and the malware: the malware wins if it evades detection by the AMS, and the AMS wins if it correctly detects the malware and its evasive actions.
We propose a visualisation-based system, called Gotta Evade ‘em All, that allows cyber-security analysts to clearly see the evasive and anti-evasive actions performed by the malware and the AMS during the battle.</dc:description>
  <dc:identifier>https://zenodo.org/record/4277105</dc:identifier>
  <dc:identifier>10.5281/zenodo.4277105</dc:identifier>
  <dc:identifier>oai:zenodo.org:4277105</dc:identifier>
  <dc:language>eng</dc:language>
  <dc:relation>info:eu-repo/grantAgreement/EC/H2020/779391/</dc:relation>
  <dc:relation>doi:10.5281/zenodo.4277104</dc:relation>
  <dc:relation>url:https://zenodo.org/communities/futuretpm-h2020</dc:relation>
  <dc:rights>info:eu-repo/semantics/openAccess</dc:rights>
  <dc:rights>https://creativecommons.org/licenses/by/4.0/legalcode</dc:rights>
  <dc:title>Malware vs Anti-Malware Battle - Gotta Evade 'em All!</dc:title>
  <dc:type>info:eu-repo/semantics/conferencePaper</dc:type>
  <dc:type>publication-conferencepaper</dc:type>
</oai_dc:dc>