Abstract | ||
---|---|---|
Malware signature detectors use patterns of bytes, or variations of patterns of bytes, to detect malware attempting to enter a system. This approach assumes the signatures are both of sufficient length to identify the malware, and to distinguish it from non-malware objects entering the system. We describe a technique that can increase the difficulty of both to an arbitrary degree. This technique can exploit an optimization that many anti-virus systems use to make inserting the malware simple; fortunately, this particular exploit is easy to detect, provided the optimization is not present. We describe some experiments to test the effectiveness of this technique in evading existing signature-based malware detectors. |
Year | DOI | Venue |
---|---|---|
2010 | 10.1109/MALWARE.2010.5665788 | Malicious and Unwanted Software |
Keywords | Field | DocType |
invasive software,optimisation,antivirus system,bytes pattern variation,malware multistage delivery,malware signature detector,optimization | Byte,Cryptovirology,Internet privacy,Computer science,Computer security,Exploit,Software,Malware,Grippers | Conference |
ISBN | Citations | PageRank |
978-1-4244-9353-1 | 13 | 0.75 |
References | Authors | |
9 | 2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Marco Ramilli | 1 | 94 | 11.10 |
Matt Bishop | 2 | 1022 | 135.17 |