By Topic

Survey on malware evasion techniques: State of the art and challenges

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Marpaung, J.A.P. ; Dept. of Ubiquitous IT, Dongseo Univ., Busan, South Korea ; Sain, M. ; Hoon-Jae Lee

Nowadays targeted malware attacks against organizations are increasingly becoming more sophisticated, damaging, and difficult to detect. Current intrusion detection technologies are incapable of addressing many of the newer malware evasion techniques such as return-oriented programming and remote library injection. This paper presents a survey on the various techniques employed in malware to evade detection by security systems such as intrusion detection and anti-virus software. The evasion techniques we cover include obfuscation, fragmentation and session splicing, application specific violations, protocol violations, inserting traffic at IDS, denial of service, and code reuse attacks. We also discuss mitigations such as sandboxing, session reassembly, data execution prevention, address space layout randomization, control flow integrity, and Windows 8 ROP mitigation. We also compare evasion techniques with an analysis on the sophistication of the attack, challenges or difficulty to detect, and degree of impact.

Published in:

Advanced Communication Technology (ICACT), 2012 14th International Conference on

Date of Conference:

19-22 Feb. 2012