Evolution of evasive malwares: A survey

Malware is a perpetual threat to digital computing systems. To counter infections, the anti-malware industry and analysts have been producing cutting-edge solutions and preventive measures for the various categories of malware threats. At the same time, malware authors make consistent efforts to evade security solutions and prevention systems. This paper discusses the indispensable need to study and analyze the effects of evasive malware on analysis systems. A malware author's intention may be to harm a system without being detected, so that the malware can reside in the system for a longer duration. This paper discusses a number of techniques that have been found in evasive malware for eluding malware solutions, and surveys the range of evasive techniques that might be possible in next-generation malware. It can also assist in building hardened malware analysis environments, such that the chances of elusion by evasive malware are diminished.
