Automatically Detecting Evasive Malware
Quite a bit, according to recent research in this field which, for the first time, provided techniques for the automated detection of evasive web-based malware. This research has been published in 2013 in the Proceedings of the USENIX Security Symposium, one of the top venues for the dissemination of highly innovative scientific results. The research work is titled: “Revolver: An Automated Approach to the Detection of Evasive Web-based Malware” and has been authored by our group, composed of researchers from the University of California in Santa Barbara and Lastline, Inc.
In either case, the Revolver system is able to leverage machine learning in order to identify cases in which malware evolution created variants that are not detected anymore or to identify injections in benign components. This is a very first step towards a new set of techniques that will focus on detecting evasive activity, in addition to openly malicious activity. It is a necessary new step in the fight against sophisticated malware, which is becoming more aware of sandboxes and other analysis systems.
The details of this research effort are available in the technical paper, which is available here:
The system is available to malware analysts. Please contact firstname.lastname@example.org for further information.
The authors of the paper are:
Alexander Kapravelos, PhD Student at UCSB
Yan Shoshitaishvili, PhD Student at UCSB
Marco Cova, Head of Lastline Europe and Professor at University of Birmingham
Christopher Kruegel, Chief Scientist at Lastline and Professor at UCSB
Giovanni Vigna, CTO at Lastline and Professor at UCSB
For further information about this research work, please contact me at email@example.com.
Latest posts by Giovanni Vigna (see all)
- From Trapping to Hunting: Intelligently Analyzing Anomalies to Detect Network Compromises - October 17, 2017
- When Malware is Packing Heat - September 12, 2017
- Hacking and Malware Analysis Have More In Common Than You Think - August 15, 2017