-
- Amir Afianian
- APA Research Center, Amirkabir University of Technology, Valiasr Square, Tehran, Iran
-
- Salman Niksefat
- APA Research Center, Amirkabir University of Technology, Valiasr Square, Tehran, Iran
-
- Babak Sadeghiyan
- APA Research Center, Amirkabir University of Technology, Valiasr Square, Tehran, Iran
-
- David Baptiste
- ESIEA (C + V)O Lab, Laval, France
書誌事項
- タイトル別名
-
- A Survey
抄録
<jats:p>The cyber world is plagued with ever-evolving malware that readily infiltrate all defense mechanisms, operate viciously unbeknownst to the user, and surreptitiously exfiltrate sensitive data. Understanding the inner workings of such malware provides a leverage to effectively combat them. This understanding is pursued often through dynamic analysis which is conducted manually or automatically. Malware authors accordingly, have devised and advanced evasion techniques to thwart or evade these analyses. In this article, we present a comprehensive survey on malware dynamic analysis evasion techniques. In addition, we propose a detailed classification of these techniques and further demonstrate how their efficacy holds against different types of detection and analysis approaches.</jats:p> <jats:p>Our observations attest that evasive behavior is mostly concerned with detecting and evading sandboxes. The primary tactic of such malware we argue is fingerprinting followed by new trends for reverse Turing test tactic which aims at detecting human interaction. Furthermore, we will posit that the current defensive strategies, beginning with reactive methods to endeavors for more transparent analysis systems, are readily foiled by zero-day fingerprinting techniques or other evasion tactics such as stalling. Accordingly, we would recommend the pursuit of more generic defensive strategies with an emphasis on path exploration techniques that has the potential to thwart all the evasive tactics.</jats:p>
収録刊行物
-
- ACM Computing Surveys
-
ACM Computing Surveys 52 (6), 1-28, 2019-11-14
Association for Computing Machinery (ACM)
- Tweet
詳細情報 詳細情報について
-
- CRID
- 1360298342534034176
-
- DOI
- 10.1145/3365001
-
- ISSN
- 15577341
- 03600300
-
- データソース種別
-
- Crossref