Quantifying Malware Evasion: Comparative Analysis of Advanced Techniques and Detection Using QES-Malware Framework
摘要
Malware is using advanced evasion techniques that help it to evade traditional detection mechanisms, thus becoming a major challenge to security analysts. This paper presents a Quantifiable Evasion Score (QES) framework to quantitatively compare and evaluate malware evasion techniques among malware families. We compare the effectiveness of evasion methods such as code packing, API hooking, anti-sandbox, encrypted C2 communication, polymorphism, rootkit techniques, and delayed execution based on the analysis of static, dynamic, and behavioral information features. Our comparative analysis is a visualization of the gaps in detection capability among signature-based, sandbox-based and behavior observation approaches to malware. We present the QES framework as a structured metric to quantitatively measure evasion techniques, to inform on the detection issues against highly evasive malware. This paper presents a systemic approach for analyzing and quantifying malware evasion in the wild attacks.