Analysis, Anti-Analysis, Anti-Anti-Analysis: An Overview of the Evasive Malware Scenario

Anais do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2017) Pub Date : 2017-11-06 DOI:10.5753/sbseg.2017.19504

Marcus Botacin, V. F. Rocha, P. Geus, A. Grégio

{"title":"Analysis, Anti-Analysis, Anti-Anti-Analysis: An Overview of the Evasive Malware Scenario","authors":"Marcus Botacin, V. F. Rocha, P. Geus, A. Grégio","doi":"10.5753/sbseg.2017.19504","DOIUrl":null,"url":null,"abstract":"Malicious programs are persistent threats to computer systems, and their damages extend from financial losses to critical infrastructure attacks. Malware analysis aims to provide useful information to be used for forensic procedures and countermeasures development. To thwart that, attackers make use of anti-analysis techniques that prevent or difficult their malware from being analyzed. These techniques rely on instruction side-effects and that system's structure checks are inspection-aware. Thus, detecting evasion attempts is an important step of any successful investigative procedure. In this paper, we present a broad overview of what anti-analysis techniques are being used in malware and how they work, as well as their detection counterparts, i.e., the anti-anti-analysis techniques that may be used by forensic investigators to defeat evasive malware. We also evaluated over one hundred thousand samples in the search of the presence of anti-analysis technique and summarized the obtained information to present an evasion-aware malware threat scenario.","PeriodicalId":322419,"journal":{"name":"Anais do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2017)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Anais do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2017)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5753/sbseg.2017.19504","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Malicious programs are persistent threats to computer systems, and their damages extend from financial losses to critical infrastructure attacks. Malware analysis aims to provide useful information to be used for forensic procedures and countermeasures development. To thwart that, attackers make use of anti-analysis techniques that prevent or difficult their malware from being analyzed. These techniques rely on instruction side-effects and that system's structure checks are inspection-aware. Thus, detecting evasion attempts is an important step of any successful investigative procedure. In this paper, we present a broad overview of what anti-analysis techniques are being used in malware and how they work, as well as their detection counterparts, i.e., the anti-anti-analysis techniques that may be used by forensic investigators to defeat evasive malware. We also evaluated over one hundred thousand samples in the search of the presence of anti-analysis technique and summarized the obtained information to present an evasion-aware malware threat scenario.

查看原文本刊更多论文

分析、反分析、反反分析:规避型恶意软件场景概述

恶意程序是对计算机系统的持续威胁，其损害范围从经济损失到关键基础设施攻击。恶意软件分析旨在为法医程序和对策开发提供有用的信息。为了阻止这一点，攻击者利用反分析技术来阻止或困难他们的恶意软件被分析。这些技术依赖于指令的副作用，并且系统的结构检查是检查感知的。因此，侦查逃避企图是任何成功的调查程序的一个重要步骤。在本文中，我们对恶意软件中使用的反分析技术及其工作原理以及它们的检测对应物进行了广泛的概述，即法医调查人员可能使用的反反分析技术来击败规避恶意软件。我们还评估了超过10万个样本，以寻找反分析技术的存在，并总结了获得的信息，以呈现规避感知的恶意软件威胁场景。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Anais do XVII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2017)

自引率

0.00%

发文量