The use of anti-virus software has become something of an act of faith. A recent study showed that more than 80 % of all personal computers have anti-virus software installed. However, the protection mechanisms in place are far less effective than users would expect. Malware analysis is a classical example of a cat-and-mouse game: as new anti-virus techniques are developed, malware authors respond with new ones to thwart analysis. Every day, anti-virus companies analyze thousands of malware samples that have been collected through honeypots, hence they restrict their research to already existing viruses. This article describes a novel method for malware obfuscation based on an evolutionary opcode generator and a special ad-hoc packer. The results can be used by the security industry to test the ability of their systems to react to malware mutations.
Challenging Anti-virus Through Evolutionary Malware Obfuscation / Gaudesi, Marco; Marcelli, Andrea; Sanchez Sanchez, Edgar Ernesto; Squillero, Giovanni; Tonda, Alberto Paolo. - Applications of Evolutionary Computation (2016), pp. 149-162. (Paper presented at the Evostar 2016 conference, held in Porto, Evostar 2016).
Challenging Anti-virus Through Evolutionary Malware Obfuscation
Gaudesi, Marco; Marcelli, Andrea; Sanchez Sanchez, Edgar Ernesto; Squillero, Giovanni;
2016
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/11583/2638996
Warning! The data displayed have not been validated by the university.