DynODet: Detecting Dynamic Obfuscation in Malware
| Authors | Julien Roy, Danny Kim, Amir Majlesi-Kupaei, Kapil Anand, Daniel Buettner, Khaled ElWazeer, Rajeev Barua |
|---|---|
| Year of publication | 2017 |
| Subject | Software_OPERATINGSYSTEMS; Computer science; 020207 software engineering; 02 engineering and technology; Computer security; computer.software_genre; Set (abstract data type); Obfuscation (software); ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; ComputingMethodologies_PATTERNRECOGNITION; 020204 information systems; 0202 electrical engineering, electronic engineering, information engineering; Malware; computer |
| Source | Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), ISBN 9783319608754 |
| DOI | 10.1007/978-3-319-60876-1_5 |
| Description | Malicious software, better known as malware, is a major threat to society. Malware today typically employs a technique called obfuscation. Obfuscation detection in malware is a well-documented problem and has been analyzed using dynamic analysis. However, many tools that detect obfuscation in malware make no attempt to use the presence of obfuscation as a method of detecting malware, because their schemes would also flag benign applications. We present three main contributions. First, we conduct a unique study into the prevalence of obfuscation in benign applications. Second, we create discriminating features that can distinguish obfuscation in benign applications from obfuscation in malware. Third, we show that using the presence of obfuscation can detect previously hard-to-detect malware. Our results show that, for our set of programs, we are able to reduce the number of malware samples missed by five market-leading AV tools by 25% while falsely detecting only 2.45% of the tested benign applications. |
| Database | OpenAIRE |
| External link | |