Challenging Anti-virus Through Evolutionary Malware Obfuscation / Gaudesi, Marco; Marcelli, Andrea; Sanchez Sanchez, Edgar Ernesto; Squillero, Giovanni; Tonda, Alberto Paolo. - Applications of Evolutionary Computation (2016), pp. 149-162. (Paper presented at the Evostar 2016 conference, held in Porto.)

Challenging Anti-virus Through Evolutionary Malware Obfuscation

Gaudesi, Marco; Marcelli, Andrea; Sanchez Sanchez, Edgar Ernesto; Squillero, Giovanni;
2016

Abstract

The use of anti-virus software has become something of an act of faith. A recent study showed that more than 80% of all personal computers have anti-virus software installed. However, the protection mechanisms in place are far less effective than users would expect. Malware analysis is a classical example of a cat-and-mouse game: as new anti-virus techniques are developed, malware authors respond with new ones to thwart analysis. Every day, anti-virus companies analyze thousands of malware samples that have been collected through honeypots, hence they restrict the research to only already existing viruses. This article describes a novel method for malware obfuscation based on an evolutionary opcode generator and a special ad-hoc packer. The results can be used by the security industry to test the ability of their system to react to malware mutations.
ISBN: 978-3-319-31152-4

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2638996