Malware is using advanced evasion techniques that help it to evade traditional detection mechanisms, thus becoming a major challenge to security analysts. This paper presents a Quantifiable Evasion Score (QES) framework to quantitatively compare and evaluate malware evasion techniques among malware families. We compare the effectiveness of evasion methods such as code packing, API hooking, anti-sandbox, encrypted C2 communication, polymorphism, rootkit techniques, and delayed execution based on the analysis of static, dynamic, and behavioral information features. Our comparative analysis is a visualization of the gaps in detection capability among signature-based, sandbox-based and behavior observation approaches to malware. We present the QES framework as a structured metric to quantitatively measure evasion techniques, to inform on the detection issues against highly evasive malware. This paper presents a systemic approach for analyzing and quantifying malware evasion in the wild attacks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Quantifying Malware Evasion: Comparative Analysis of Advanced Techniques and Detection Using QES-Malware Framework

  • Ashish Revar,
  • Shakti Mishra,
  • Rutvij Jhaveri

摘要

Malware is using advanced evasion techniques that help it to evade traditional detection mechanisms, thus becoming a major challenge to security analysts. This paper presents a Quantifiable Evasion Score (QES) framework to quantitatively compare and evaluate malware evasion techniques among malware families. We compare the effectiveness of evasion methods such as code packing, API hooking, anti-sandbox, encrypted C2 communication, polymorphism, rootkit techniques, and delayed execution based on the analysis of static, dynamic, and behavioral information features. Our comparative analysis is a visualization of the gaps in detection capability among signature-based, sandbox-based and behavior observation approaches to malware. We present the QES framework as a structured metric to quantitatively measure evasion techniques, to inform on the detection issues against highly evasive malware. This paper presents a systemic approach for analyzing and quantifying malware evasion in the wild attacks.