2018
DOI: 10.1007/978-3-319-93411-2_8

Evasive Malware via Identifier Implanting

Abstract: To cope with the increasing number of malware attacks that organizations face, anti-malware appliances and sandboxes have become an integral security defense. In particular, appliances have become the de facto standard in the fight against targeted attacks. Yet recent incidents have demonstrated that malware can effectively detect and thus evade sandboxes, resulting in an ongoing arms race between sandbox developers and malware authors. We show how attackers can escape this arms race with what we call …

Cited by 10 publications (4 citation statements). References 28 publications.

Citation statements:
“…Unfortunately, the behavior-based methods can be evaded by mimicry attacks, when the malicious code is embedded in a program that behaves properly. Furthermore, advanced malware is able to detect the presence of the sandbox and will try to avoid detection by limiting its activity [106].…”
Section: B Behavior-based Methods (citation type: mentioning; confidence: 99%)
“…There is a significant body of research [81,23,72,25,48,38,71] focusing on both designing novel evasion techniques for malware and also providing mechanisms to detect them. We next discuss the most relevant works related to ours.…”
Section: Related Work (citation type: mentioning; confidence: 99%)
“…For example, if a sample is executed under both VMWare [67] and VirtualBox [47], and the VMWare instance does not exhibit malicious behavior, one can conclude that the sample detects VMWare-specific artifacts (e.g., [49]). Many techniques, from machine learning [50] to symbolic execution and traces [26] to hybrid dynamic analyses [40], among others, have been proposed to tackle this problem of environment-aware malware, even as new black hat approaches for more insidious stealthy evasion (e.g., [45], [65]) are proposed as well.…”
Section: Introduction (citation type: mentioning; confidence: 99%)