{"title":"建模规避恶意软件创作技术","authors":"Mathew Nicho, Maitha Alkhateri","doi":"10.1109/CSNet52717.2021.9614645","DOIUrl":null,"url":null,"abstract":"Malware have proliferated due to the ease at which it can be created, sourced, or purchased. Furthermore, with extensive accessibility of obfuscation, binding and crypting tools, infection has become widespread and effortless. While advanced persistent threats (APT) use zero-day malware or near zero day, it has been observed that not all malwares in the wild are zero or near zero day. Hence, in this paper our objective is (1) model malware authoring process, (2) recreate the process of malware authoring by creating 18 malwares using four different commonly used constructor (malware authoring) tools, (3) evaluate the detection rate, and (4) observe if the OS defenses quarantine these payloads. Hence our process involves malware creation, detection, infection, and analysis.","PeriodicalId":360654,"journal":{"name":"2021 5th Cyber Security in Networking Conference (CSNet)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Modeling Evasive Malware Authoring Techniques\",\"authors\":\"Mathew Nicho, Maitha Alkhateri\",\"doi\":\"10.1109/CSNet52717.2021.9614645\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Malware have proliferated due to the ease at which it can be created, sourced, or purchased. Furthermore, with extensive accessibility of obfuscation, binding and crypting tools, infection has become widespread and effortless. While advanced persistent threats (APT) use zero-day malware or near zero day, it has been observed that not all malwares in the wild are zero or near zero day. Hence, in this paper our objective is (1) model malware authoring process, (2) recreate the process of malware authoring by creating 18 malwares using four different commonly used constructor (malware authoring) tools, (3) evaluate the detection rate, and (4) observe if the OS defenses quarantine these payloads. Hence our process involves malware creation, detection, infection, and analysis.\",\"PeriodicalId\":360654,\"journal\":{\"name\":\"2021 5th Cyber Security in Networking Conference (CSNet)\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 5th Cyber Security in Networking Conference (CSNet)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSNet52717.2021.9614645\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 5th Cyber Security in Networking Conference (CSNet)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSNet52717.2021.9614645","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Malware have proliferated due to the ease at which it can be created, sourced, or purchased. Furthermore, with extensive accessibility of obfuscation, binding and crypting tools, infection has become widespread and effortless. While advanced persistent threats (APT) use zero-day malware or near zero day, it has been observed that not all malwares in the wild are zero or near zero day. Hence, in this paper our objective is (1) model malware authoring process, (2) recreate the process of malware authoring by creating 18 malwares using four different commonly used constructor (malware authoring) tools, (3) evaluate the detection rate, and (4) observe if the OS defenses quarantine these payloads. Hence our process involves malware creation, detection, infection, and analysis.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
