AV Evasion Through Malicious Generative Programs
Authors
Abstract
Abstract. We describe problems inherent in the current use of antivirus software. We note that by applying a series of program transformations, virus writers can effectively evade known signature systems. By automating this process, malware authors can keep ahead of signature-based AV systems. By using so-called “queen-bot” programs, a single bot can be kept within a perpetual zero-day window.
Similar resources
Reverse Engineering Anti-Virus Emulators through Black-box Analysis
Anti-virus (AV) programs have traditionally used signature matching in order to detect malware. Malware authors try to evade signature matching by encrypting and compressing malware, also known as packing. Packed malware will be unintelligible on disk, but will unpack itself at run-time to return to its original form. AV’s attempt to exploit this by emulating the malware. AV emulators step thro...
Mining CFG as API Call-grams to Detect Portable Executable Malware
Malware writers use evasion techniques like code obfuscation, packing, compression to conceal from Anti-Virus (AV) scanners as AV use syntactic signature to detect a known malware. Our detection approach is based on semantic aspect of PE executable that analyzes API Call-grams to detect unknown malicious code. Static analysis covers all the paths of code which is not possible with dynamic behav...
GMAD: Graph-based Malware Activity Detection by DNS traffic analysis
Malicious activities on the Internet are one of the most dangerous threats to Internet users and organizations. Malicious software controlled remotely is addressed as one of the most critical methods for executing the malicious activities. Since blocking domain names for command and control (C&C) of the malwares by analyzing their Domain Name System (DNS) activities has been the most effective ...
Hardening Classifiers against Evasion: the Good, the Bad, and the Ugly
Machine learning is widely used in security applications, particularly in the form of statistical classification aimed at distinguishing benign from malicious entities. Recent research has shown that such classifiers are often vulnerable to evasion attacks, whereby adversaries change behavior to be categorized as benign while preserving malicious functionality. Research into evasion attacks has...
Adversarial Classification on Social Networks
The spread of unwanted or malicious content through social media has become a major challenge. Traditional examples of this include social network spam, but an important new concern is the propagation of fake news through social media. A common approach for mitigating this problem is by using standard statistical classification to distinguish malicious (e.g., fake news) instances from benign (e...