Conference: IEEE Symposium on Visualization for Cyber Security

Malware vs Anti-Malware Battle - Gotta Evade ‘em All!

Abstract

The landscape of malware development is ever-changing, creating a constant catch-up contest between the defenders and the adversaries. One of the methodologies that has the potential to pose a significant threat to systems is malware evasion. This is where malware tries to determine whether it is run in a controlled environment, such as a sandbox. Similarly, malware can also learn how an Anti-Malware System (AMS) decides whether an input program is malware or in fact benign, with the goal of bypassing it. On the other hand, the AMS tries to detect whether a malware sample is performing such evasive checks, e.g. by evaluating the results of a Reverse-Turing Test (RTT). This learning process can be viewed as a ‘battle’ between the AMS and the malware, due to the malware attempting to defeat the AMS, where a successful win for the malware would be to evade detection by the AMS and, conversely, a win for the AMS would be to correctly detect the malware and its evasive actions. We propose a visualisation-based system, called Gotta Evade ‘em All, that allows cyber-security analysts to clearly see the evasive and anti-evasive actions performed by the malware and the AMS during the battle.