Automatically Detecting Evasive Malware
These highly-evasive attacks are often “evolutionary” with respect to initial exploits. This means that the evasive attacks are variations of attacks that were once successful and then started losing effectiveness because the honeyclients were detecting them. Therefore, the exploit writer startS to
Quite a bit, according to recent research in this field which, for the first time, provided techniques for the automated detection of evasive web-based malware. This research has been published in 2013 in the Proceedings of the USENIX Security Symposium, one of the top venues for the dissemination of highly innovative scientific results. The research work is titled: “Revolver: An Automated Approach to the Detection of Evasive Web-based Malware” and has been authored by our group, composed of researchers from the University of California in Santa Barbara and Lastline, Inc.
In either case, the Revolver system is able to leverage machine learning in order to identify cases in which malware evolution created variants that are not detected anymore or to identify injections in benign components. This is a very first step towards a new set of techniques that will focus on detecting evasive activity, in addition to openly malicious activity. It is a necessary new step in the fight against sophisticated malware, which is becoming more aware of sandboxes and other analysis systems.
The details of this research effort are available in the technical paper, which is available here:
The system is available to malware analysts. Please contact email@example.com for further information.
The authors of the paper are:
Alexander Kapravelos, PhD Student at UCSB
Yan Shoshitaishvili, PhD Student at UCSB
Marco Cova, Head of Lastline Europe and Professor at University of Birmingham
Christopher Kruegel, Chief Scientist at Lastline and Professor at UCSB
Giovanni Vigna, CTO at Lastline and Professor at UCSB
For further information about this research work, please contact me at firstname.lastname@example.org.
Latest posts by Giovanni Vigna (see all)
- University Security Lab Gets angr(y) – Makes it Easy to Analyze Binaries - January 24, 2018
- How Cybercriminals are Attacking Machine Learning - January 4, 2018
- The 2018 Cyberthreat Landscape—Predictions and Trends - November 16, 2017