Abstract | ||
---|---|---|
We relax the notion of malware obfuscation to include semantically non-preserving transformations. Unlike traditional obfuscation techniques, these transformation may not preserve original code behaviour. Using web-based malware we focus on transformations which modify abstract syntax trees. While such transformations yield syntactically valid programs, they may yield dysfunctional samples, so that it is not clear that this is a practical approach to producing detection-evading malware. However, by implementing an automated system that efficiently filters dysfunctional samples on a virtual cloud architecture, we show that such transformations are in fact practical. Using two simple transformations, we evaluated four antivirus products and were able to create many samples that evade detection, demonstrating that semantic-preserving obfuscation is not the only effective way to mutate malware. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1007/978-3-319-51966-1_18 | Lecture Notes in Computer Science |
Field | DocType | Volume |
Programming language,Control engineering,Engineering,Abstract syntax,Malware,Obfuscation,Cloud architecture | Conference | 10128 |
ISSN | Citations | PageRank |
0302-9743 | 0 | 0.34 |
References | Authors | |
0 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Erkan Ersan | 1 | 0 | 0.34 |
Lior Malka | 2 | 0 | 0.34 |
Bruce M. Kapron | 3 | 308 | 26.02 |