Detection model for evasive malware
The rapid growth of malware requires effective, automated, and accurate ways of analyzing and detecting it. Nowadays, malware not only has offensive characteristics but also defensive abilities: it obfuscates itself so that it resists analysis and detection. Analysis is more effective if these techniques can be identified before it begins. This research focuses on designing an effective, automated, and accurate model for detecting evasive malware. A prototype is built to test the design. The prototype covers the evasion techniques most frequently used by malware: packing, anti-debugging, and anti-virtualization. To detect packing, features of the malware are extracted and scored according to a predefined risk and weight for each feature. A threshold on the score determines whether the malware is packed or not. This threshold value is validated with several classification techniques using ten-fold cross-validation. To find anti-debugging and anti-virtualization, several patterns are gathered, in three categories: Windows API, x86 instructions, and string search. The accuracy of the threshold score used to determine packing is 98.16 percent, with a false positive rate of 1.45 percent. The average time to process a file smaller than 100 kilobytes is 3.2 seconds.
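The following is an added illustration of the two mechanisms the abstract describes, a weighted risk score with a threshold for packing and category-based pattern matching for anti-debugging and anti-virtualization. It is not the thesis's own code: the feature set, risk/weight values, threshold, entropy cutoff, pattern lists and the in-memory `Sample` stand-in for a parsed PE file are all assumptions chosen for illustration, and the two samples are constructed inline.

```python
"""Added example: scoring-and-pattern triage model for evasive malware.

Not the thesis's code. Feature risks/weights, the threshold and the pattern
lists are assumed values; Sample is an assumed stand-in for a parsed PE file.
"""
import math
from collections import Counter
from dataclasses import dataclass


@dataclass
class Sample:
    """Minimal stand-in for a parsed executable (assumed structure)."""
    name: str
    sections: dict      # section name -> raw bytes
    imports: list       # imported API names from the import table
    entry_section: str  # section that contains the entry point


STANDARD_SECTIONS = {".text", ".data", ".rdata", ".idata", ".rsrc", ".reloc", ".bss"}

# Packer features: name -> (risk in 0..1, weight).  Assumed values.
PACKER_FEATURES = {
    "high_entropy_section": (1.0, 3),     # compressed/encrypted code looks random
    "nonstandard_section_name": (0.8, 2),
    "few_imports": (0.7, 2),              # packers resolve most imports at run time
    "entry_outside_text": (0.9, 2),       # unpacking stub runs from its own section
}
PACKED_THRESHOLD = 0.5  # assumed; the thesis validated its own value by cross-validation
ENTROPY_CUTOFF = 7.0    # bits per byte, assumed
MIN_IMPORTS = 10        # assumed

# Evasion patterns in the three categories named by the abstract (assumed lists).
EVASION_PATTERNS = {
    "windows_api": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                    "NtQueryInformationProcess", "OutputDebugStringA"},
    "x86_instruction": {"cpuid": b"\x0f\xa2", "rdtsc": b"\x0f\x31", "int 2dh": b"\xcd\x2d"},
    "string": [b"VMware", b"VBOX", b"VirtualBox", b"QEMU", b"SbieDll.dll"],
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triggered_features(s: Sample) -> list:
    """Names of the packer features observed in the sample."""
    hits = []
    if any(shannon_entropy(b) > ENTROPY_CUTOFF for b in s.sections.values()):
        hits.append("high_entropy_section")
    if any(name not in STANDARD_SECTIONS for name in s.sections):
        hits.append("nonstandard_section_name")
    if len(s.imports) < MIN_IMPORTS:
        hits.append("few_imports")
    if s.entry_section != ".text":
        hits.append("entry_outside_text")
    return hits


def packer_score(s: Sample) -> float:
    """Risk-weighted score normalised to 0..1 (1.0 = every feature triggered)."""
    total = sum(risk * weight for risk, weight in PACKER_FEATURES.values())
    got = sum(PACKER_FEATURES[f][0] * PACKER_FEATURES[f][1] for f in triggered_features(s))
    return got / total


def find_evasion(s: Sample) -> dict:
    """Pattern hits per category.  Raw opcode search over section bytes can
    match data that merely looks like an instruction, so treat those hits as
    leads for the analyst rather than proof."""
    blob = b"".join(s.sections.values())
    return {
        "windows_api": sorted(set(s.imports) & EVASION_PATTERNS["windows_api"]),
        "x86_instruction": sorted(n for n, op in EVASION_PATTERNS["x86_instruction"].items()
                                  if op in blob),
        "string": sorted(p.decode() for p in EVASION_PATTERNS["string"]
                         if p.lower() in blob.lower()),
    }


def analyze(s: Sample) -> dict:
    score = packer_score(s)
    return {"name": s.name, "packer_score": round(score, 3),
            "packed": score >= PACKED_THRESHOLD, "evasion": find_evasion(s)}


# Constructed samples (not real files).  bytes(range(256)) repeated has entropy
# exactly 8.0 and, being an ascending run, contains none of the opcode patterns.
_RANDOM_LOOKING = bytes(range(256)) * 16
BENIGN = Sample(
    "benign.exe",
    {".text": b"hello world\x00" * 200, ".rdata": b"kernel32.dll\x00user32.dll\x00",
     ".data": b"\x00" * 512},
    ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle", "GetLastError", "HeapAlloc",
     "HeapFree", "ExitProcess", "MessageBoxW", "GetModuleHandleW", "GetCommandLineW", "Sleep"],
    ".text",
)
PACKED = Sample(
    "packed.exe",
    {"UPX0": b"", "UPX1": _RANDOM_LOOKING + b"\x0f\xa2\x0f\x31" + b"Running under VMware?\x00"},
    ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "IsDebuggerPresent"],
    "UPX1",
)

if __name__ == "__main__":
    for sample in (BENIGN, PACKED):
        print(analyze(sample))
```

Running the module prints one result per constructed sample: the benign sample scores 0.0 with no pattern hits, the packed one scores 1.0 (all four features) and reports `IsDebuggerPresent`, the `cpuid` and `rdtsc` opcodes, and the `VMware` string. In a real pipeline the `Sample` would be filled from a PE parser, the risk and weight values would be tuned on a labelled corpus as the thesis does, and the threshold would be re-validated with cross-validation rather than taken as 0.5.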