A Malware Variant Resistant To Traditional Analysis Techniques

Today the word malware is synonymous with mysterious programs that wreak havoc on the computing systems they infect. Such malware is analyzed by malware analysts, who reverse engineer the program to understand it and to produce identifications or signatures that allow anti-malware products to detect and remove the threat. Malware authors in turn devise ways to circumvent or prevent this analysis of their code, rendering such preventive measures ineffective. This paper discusses existing analysis-subverting techniques and how modern analysis techniques overcome them. It then proposes a new method of resisting traditional malware analysis by constructing a split-personality malware variant that uses a technique known as the shadow attack. The proposal is validated by building a malware dropper and testing it under controlled laboratory conditions, as part of the concept of proactive defense.
