A MALWARE VARIANT RESISTANT TO TRADITIONAL ANALYSIS TECHNIQUES A FORENSIC ANALYSIS OF ANDROID MALWARE

Abstract:

In today's world, the word malware is synonymous with mysterious programs that spread havoc and sow destruction on the computing systems they infect. Such malware is analyzed and understood by malware analysts, who reverse engineer the program in an effort to understand it and produce appropriate identifications or signatures that enable anti-malware programs to effectively combat and resolve threats. Malware authors develop ways to circumvent or prevent this analysis of their code, thus rendering preventive measures ineffective. This paper discusses existing analysis-subverting techniques and how they are overcome by modern analysis techniques. Further, this paper proposes a new method of resisting traditional malware analysis techniques by creating a split-personality malware variant that uses a technique known as the shadow attack. The proposal is validated by creating a malware dropper and testing this dropper under controlled laboratory conditions as part of the concept of proactive defense.

How to cite:

Shoraimov, K., & Akhmadjonov, I. (2022). A MALWARE VARIANT RESISTANT TO TRADITIONAL ANALYSIS TECHNIQUES A FORENSIC ANALYSIS OF ANDROID MALWARE. Евразийский журнал академических исследований, 2(13), 867–878. Retrieved from https://in-academy.uz/index.php/ejar/article/view/7634
