
Evasive Windows Malware: Impact on Antiviruses and Possible Countermeasures

Cédric Herzog, Valérie Tong, Pierre Wilke, Arnaud Van Straaten, Jean-Louis Lanet
2020 Proceedings of the 17th International Joint Conference on e-Business and Telecommunications  
This paper aims at determining the possibilities for malware to detect the antiviruses and then evaluating the efficiency of these techniques on a panel of antiviruses that are the most used nowadays.  ...  We then collect samples showing this kind of behavior and propose to evaluate a countermeasure that creates false artifacts, thus forcing malware to evade.  ...  We study the impact of this approach on both malware and legitimate software before concluding on its limitations.  ... 
doi:10.5220/0009816703020309 dblp:conf/icete/HerzogTWSL20 fatcat:jshax3vqv5brplnacho5syff3y

Python and Malware: Developing Stealth and Evasive Malware Without Obfuscation [article]

Vasilios Koutsokostas, Constantinos Patsakis
2021 arXiv   pre-print
As a result, we show that stealth and evasive malware can be efficiently developed, bypassing with ease state of the art malware detection tools without raising any alert.  ...  Interestingly, our approach to generating the malicious executables is not based on introducing a new packer but on the augmentation of the capabilities of an existing and widely used tool for packaging  ...  Responsibility for the information and views expressed therein lies entirely with the authors.  ... 
arXiv:2105.00565v1 fatcat:5cetfh4ofbbxlgreab5xptmyie

POW-HOW: An enduring timing side-channel to evade online malware sandboxes [article]

Antonio Nappa, Panagiotis Papadopoulos, Matteo Varvello, Daniel Aceituno Gomez, Juan Tapiador, Andrea Lanzi
2021 arXiv   pre-print
Online malware scanners are one of the best weapons in the arsenal of cybersecurity companies and researchers.  ...  Our empirical evaluation shows that the proposed evasion technique is durable, hard to fingerprint, and reduces existing malware detection rate by a factor of 10.  ...  The use of real-world malware, which is well known and thus easy to detect, allows us to comment on the impact that PoW-based evasion has on malware reuse, the practice of recycling old malware for new  ... 
arXiv:2109.02979v2 fatcat:2pgzanyjtrdjbmz7pqhz7qmcdi
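The snippet above only names the mechanism (a proof-of-work used as a timing side channel). The Python sketch below is an added illustration of that idea and is not code from the PoW-How paper: a fixed-difficulty hashcash-style puzzle is solved and timed with a monotonic clock, and the observed hash rate is compared with a calibrated baseline. The difficulty, the baseline rate for bare-metal hardware and the decision fraction are assumed values chosen for illustration; a real calibration would be measured per target platform.

```python
"""Proof-of-work timing probe (illustrative sketch, not the PoW-How code).

A sample solves a fixed-difficulty SHA-256 puzzle and measures how long it
takes. An emulated or heavily instrumented sandbox runs the hashing loop far
more slowly than bare metal, and a sandbox with a hard wall-clock budget may
never finish the puzzle at all, so the payload stage is never reached there.
"""
import hashlib
import statistics
import time

# Assumed parameters (not taken from the paper): required leading zero bits of
# the digest, the hash rate expected from this pure-Python loop on unvirtualised
# commodity hardware, and the fraction of that baseline below which the host is
# treated as a sandbox.
DIFFICULTY_BITS = 16
BASELINE_HASHES_PER_SEC = 200_000.0
SANDBOX_RATE_FRACTION = 0.25


def solve_pow(seed: bytes, difficulty_bits: int) -> tuple[int, int]:
    """Find the first nonce for which SHA-256(seed || nonce) has
    `difficulty_bits` leading zero bits. Returns (nonce, attempts).

    The search starts at nonce 0, so attempts == nonce + 1 and the work done
    for a given seed and difficulty is deterministic.
    """
    if not 0 <= difficulty_bits <= 256:
        raise ValueError("difficulty_bits must be within [0, 256]")
    target = 1 << (256 - difficulty_bits)
    nonce = 0
    while True:
        digest = hashlib.sha256(seed + nonce.to_bytes(8, "little")).digest()
        if int.from_bytes(digest, "big") < target:
            return nonce, nonce + 1
        nonce += 1


def verify_pow(seed: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Cheap check that a nonce really solves the puzzle (one hash)."""
    digest = hashlib.sha256(seed + nonce.to_bytes(8, "little")).digest()
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))


def measure_hash_rate(seed: bytes, difficulty_bits: int) -> tuple[float, int]:
    """Solve one puzzle under a monotonic clock; return (hashes/second, nonce)."""
    start = time.perf_counter()
    nonce, attempts = solve_pow(seed, difficulty_bits)
    elapsed = time.perf_counter() - start
    return attempts / max(elapsed, 1e-9), nonce


def looks_like_sandbox(hashes_per_sec: float,
                       baseline: float = BASELINE_HASHES_PER_SEC,
                       fraction: float = SANDBOX_RATE_FRACTION) -> bool:
    """Decision rule: a host hashing far below the calibrated baseline is
    treated as an emulated or instrumented environment."""
    return hashes_per_sec < baseline * fraction


def probe(rounds: int = 3, difficulty_bits: int = DIFFICULTY_BITS) -> dict:
    """Run several puzzles and decide on the median rate, so a single
    scheduling hiccup on real hardware does not produce a false 'sandbox'."""
    rates = []
    for i in range(rounds):
        seed = f"powhow-sketch-{i}".encode()  # constructed seed for the demo
        rate, nonce = measure_hash_rate(seed, difficulty_bits)
        if not verify_pow(seed, nonce, difficulty_bits):
            raise RuntimeError("solver returned an invalid nonce")
        rates.append(rate)
    median = statistics.median(rates)
    return {"rates": rates, "median_rate": median,
            "sandbox": looks_like_sandbox(median)}


if __name__ == "__main__":
    result = probe()
    print(f"median rate: {result['median_rate']:.0f} H/s, "
          f"sandbox verdict: {result['sandbox']}")
```

Nothing in the probe touches a VM-specific API, registry key or device name; it is plain hashing plus a clock read, which is why a check of this shape is awkward to fingerprint by signature or by hooking environment queries. The defensive countermeasure follows from the same observation: a sandbox that wants to survive the probe has to run the hashing loop at a realistic speed for its full duration, or execute the sample under a clock it controls.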

Antiforensic techniques deployed by custom developed malware in evading anti-virus detection [article]

Ivica Stipovic
2019 arXiv   pre-print
This thesis describes several layers of anti-virus evasion deployed by the malware and conducts the analysis of the evasion success rate.  ...  The thesis examines the results and discusses the strengths and weaknesses of each evasion technique.  ...  The anti-malware industry has taken countermeasures too. One enhancement was the introduction of a semantic-aware analysis as proposed by [8].  ... 
arXiv:1906.10625v1 fatcat:4urf2v76frdb7bjvozri4f7cfq

Malware: The Never-Ending Arm Race

Hector David Menendez
2021 Open Journal of Cybersecurity  
antiviruses use, but also the capabilities to fileless malware, i.e. malware only resident in volatile memory that makes every disk analysis senseless.  ...  It will cover binary, static and dynamic analysis, and also new strategies based on machine learning from both perspectives, the attackers and the defenders.  ...  Barr; my main collaborator in malware analysis, whom I teach about malware mitigation at Oxford University, Guillermo Suárez-Tangil and all the collaborators that I had during this process that started  ... 
doi:10.46723/ojc.1.1.3 fatcat:bxznrmd6arazrmd63i6d32rqx4

Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump Using CUDA-enabled GPU Hardware [article]

Igor Korkin, Iwan Nesterow
2016 arXiv   pre-print
This paper focuses on the anticipatory enhancement of methods of detecting stealth software.  ...  by disassembling the memory content and analyzing the output.  ...  Petersburg Institute for Informatics and Automation of the Russian Academy of Science (SPIIRAS) for his insightful comments and feedback which helped us to improve the quality of the paper substantially  ... 
arXiv:1606.04662v1 fatcat:6tthpnri6zf7lnyxh27phg7yxu

SoK: A Survey of Open-Source Threat Emulators [article]

Polina Zilberman and Rami Puzis and Sunders Bruskin and Shai Shwarz and Yuval Elovici
2020 arXiv   pre-print
We focus on tactics and techniques from the MITRE ATT&CK Enterprise matrix and determine whether they can be performed and tested with the emulators.  ...  Finally, we discuss the circumstances in which one threat emulator is preferred over another.  ...  CALDERA's server can be installed on a Windows server or Windows 10 platforms. CALDERA's agents can run on Windows.  ... 
arXiv:2003.01518v2 fatcat:fiv4fl5kzjg67j2zwwnvveejwe

From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions

Shahid Anwar, Jasni Mohamad Zain, Mohamad Fadli Zolkipli, Zakira Inayat, Suleman Khan, Bokolo Anthony, Victor Chang
2017 Algorithms  
Depending on IDS settings and configurations, IRSs can continuously monitor system health and apply suitable countermeasures to identify and respond to potential incidents and inappropriate activities  ...  Therefore, an IDS with appropriate countermeasures, such as an intrusion response system (IRS), is essential for detecting and responding to potential intrusions and attacks [7].  ...  Based on IDS alerts, a security countermeasure (IRS) is used to thwart detected intrusions.  ... 
doi:10.3390/a10020039 fatcat:4cs4ccfpkve3zglafqap6od32a

Proceedings of the International GI Workshop on Detection of Intrusions and Malware & Vulnerability Assessment

Ulrich Flegel, Michael Meier, Technische Universität Dortmund
and Malware.  ...  The workshop program comprised new theoretical and practical approaches and results from research as well as experience reports on the principal topic Intrusion Detection and on the topics Honeypots, Vulnerabilities  ...  Acknowledgment The authors wish to thank the members of the Munich Network Management (MNM) Team for helpful discussions and valuable comments on previous versions of the paper.  ... 
doi:10.17877/de290r-8784 fatcat:qvo5cmghefgqpirbkvbfx2fouu

Evaluating Criminal Transactional Methods in Cyberspace as Understood in an International Context

R.V. Gundur, Michael Levi, Volkan Topalli, Marie Ouellet, Maria Stolyarova, Lennon Yao-Chung Chang, Diego Domínguez Mejía
2021 CrimRxiv  
Research assistance was provided by Tessa Cole and David Flint. Editorial assistance was provided by Isobel Scavetta.  ...  An RDP user can use Windows applications as normal.  ...  After acquiring the necessary malware, the second step of a botnet attack typically involves injecting the malware into the highest possible number of targeted machines.  ... 
doi:10.21428/cb6ab371.5f335e6f fatcat:vmrt7shntreqbg2z5mgysr5anq