Abstract:
The rapid growth of malware requires effective, automated, and accurate ways of analyzing and detecting it. Nowadays, malware not only has offensive characteristics but also defensive abilities that obfuscate it against analysis and detection. Analysis is more effective if these techniques can be identified beforehand. This research focuses on designing an effective, automated, and accurate model to detect evasive malware. A prototype was built to test the design. This prototype covers the evasion techniques most frequently used by malware: packers, anti-debugging, and anti-virtualization. For packer detection, features of the malware are extracted and scored according to a predefined risk and weight for each feature; a threshold on the total score determines whether the sample is packed. For detecting anti-debugging and anti-virtualization, several heuristic patterns are gathered and matched against the sample. These capabilities are integrated into our static detection model for evasive malware. The model achieves an accuracy of 98.16 percent in identifying packed malware with a false positive rate of 1.45 percent. The average processing time for a file smaller than 100 kilobytes is 3.2 seconds.
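As an added worked example (not code from the paper or its prototype), the following Python sketch implements the two mechanisms the abstract describes: a risk-and-weight feature score with a threshold for packer detection, and heuristic pattern matching for anti-debugging and anti-virtualization. It operates on a simplified, constructed representation of a PE file rather than on a parsed binary; the feature set, the risk/weight values, the 0.5 threshold and the pattern lists are illustrative assumptions, since the abstract does not give the paper's actual values. The three samples are constructed by hand.

```python
"""Static evasion triage over a simplified PE representation (illustrative)."""
import hashlib
import math
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Section characteristic flags as defined in the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


@dataclass
class Section:
    name: str
    data: bytes            # raw bytes on disk
    characteristics: int
    virtual_size: int


@dataclass
class Sample:
    sections: List[Section]
    imports: List[Tuple[str, str]]   # (dll, function name)
    entry_section: str               # section containing AddressOfEntryPoint


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed/encrypted sections are typically above 7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# (risk, weight) per feature. Assumed values for illustration only.
PACKER_FEATURES: Dict[str, Tuple[int, float]] = {
    "high_entropy_section": (3, 1.0),
    "nonstandard_section": (2, 0.5),
    "few_imports": (3, 1.0),
    "writable_executable": (2, 0.8),
    "zero_raw_size_section": (2, 0.7),
    "entry_not_in_text": (2, 0.6),
}
PACKER_THRESHOLD = 0.5   # fraction of the maximum score; assumed
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc",
                     ".idata", ".edata", ".pdata", ".bss", ".tls"}


def extract_packer_features(s: Sample) -> Dict[str, bool]:
    wx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return {
        "high_entropy_section": any(shannon_entropy(x.data) > 7.0 for x in s.sections),
        "nonstandard_section": any(x.name not in STANDARD_SECTIONS for x in s.sections),
        "few_imports": len(s.imports) < 5,
        "writable_executable": any((x.characteristics & wx) == wx for x in s.sections),
        "zero_raw_size_section": any(not x.data and x.virtual_size > 0 for x in s.sections),
        "entry_not_in_text": s.entry_section != ".text",
    }


def packer_score(features: Dict[str, bool]) -> float:
    """Sum of risk*weight over triggered features, normalised to [0, 1]."""
    hit = sum(r * w for f, (r, w) in PACKER_FEATURES.items() if features.get(f))
    total = sum(r * w for r, w in PACKER_FEATURES.values())
    return hit / total


# Heuristic patterns (assumed list; commonly cited indicators).
ANTI_DEBUG_IMPORTS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                      "NtQueryInformationProcess", "NtSetInformationThread"}
ANTI_DEBUG_BYTES = {
    "peb_fs30_access": re.compile(rb"\x64\xa1\x30\x00\x00\x00"),  # mov eax, fs:[0x30]
    "rdtsc": re.compile(rb"\x0f\x31"),
}
ANTI_VM_STRINGS = [b"VMware", b"VBOX", b"VirtualBox", b"QEMU", b"vmtoolsd", b"Xen"]
ANTI_VM_BYTES = {
    "cpuid": re.compile(rb"\x0f\xa2"),
    "vmware_backdoor_magic": re.compile(rb"\x68\x58\x4d\x56"),  # push 0x564D5868 "VMXh"
}


def detect_anti_debug(s: Sample) -> List[str]:
    hits = [f"import:{fn}" for _, fn in s.imports if fn in ANTI_DEBUG_IMPORTS]
    blob = b"".join(x.data for x in s.sections)
    hits += [f"code:{n}" for n, p in ANTI_DEBUG_BYTES.items() if p.search(blob)]
    return hits


def detect_anti_vm(s: Sample) -> List[str]:
    blob = b"".join(x.data for x in s.sections)
    hits = [f"string:{st.decode()}" for st in ANTI_VM_STRINGS
            if re.search(re.escape(st), blob, re.IGNORECASE)]
    hits += [f"code:{n}" for n, p in ANTI_VM_BYTES.items() if p.search(blob)]
    return hits


def analyze(s: Sample) -> dict:
    feats = extract_packer_features(s)
    score = packer_score(feats)
    return {"packer_score": round(score, 3), "packed": score >= PACKER_THRESHOLD,
            "packer_features": [f for f, v in feats.items() if v],
            "anti_debug": detect_anti_debug(s), "anti_vm": detect_anti_vm(s)}


def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler standing in for a packed section."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "little")).digest()
        i += 1
    return out[:n]


# Constructed samples (not real malware).
PACKED_SAMPLE = Sample(
    sections=[Section("UPX0", b"", 0xE0000080, 0x10000),
              Section("UPX1", _pseudo_random(2048), 0xE0000040, 0x2000),
              Section(".rsrc", b"\x00" * 256, 0x40000040, 0x100)],
    imports=[("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "GetProcAddress")],
    entry_section="UPX1")

_EVASIVE_CODE = (b"\x55\x8b\xec" + b"\x64\xa1\x30\x00\x00\x00" + b"\x0f\x31"
                 + b"\x68\x58\x4d\x56" + b"\x0f\xa2" + b"\x5d\xc3" + b"\x90" * 200)
EVASIVE_SAMPLE = Sample(
    sections=[Section(".text", _EVASIVE_CODE, 0x60000020, len(_EVASIVE_CODE)),
              Section(".rdata", b"VMware Virtual Platform\x00VBOX\x00", 0x40000040, 64)],
    imports=[("KERNEL32.dll", f) for f in ("IsDebuggerPresent", "CheckRemoteDebuggerPresent",
             "GetTickCount", "CreateFileA", "ReadFile", "CloseHandle")]
            + [("ntdll.dll", "NtQueryInformationProcess")],
    entry_section=".text")

_CLEAN_CODE = b"\x55\x8b\xec\x83\xec\x10" + b"\x90" * 120 + b"\x8b\xe5\x5d\xc3"
CLEAN_SAMPLE = Sample(
    sections=[Section(".text", _CLEAN_CODE, 0x60000020, len(_CLEAN_CODE)),
              Section(".data", b"Hello, world\x00" * 4, 0xC0000040, 64)],
    imports=[("KERNEL32.dll", f) for f in ("CreateFileW", "ReadFile", "WriteFile",
             "CloseHandle", "ExitProcess", "GetLastError")],
    entry_section=".text")

if __name__ == "__main__":
    for name, smp in (("packed", PACKED_SAMPLE), ("evasive", EVASIVE_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(name, analyze(smp))
```

Two practical caveats: the two-byte opcode patterns (`rdtsc`, `cpuid`) will fire inside any high-entropy data, so in a real tool they should be scanned only in executable sections or confirmed by disassembly, and a real deployment would replace the hand-built `Sample` with output from a PE parser such as pefile.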
Published in: 2015 10th International Conference on Communications and Networking in China (ChinaCom)
Date of Conference: 15-17 August 2015
Date Added to IEEE Xplore: 23 June 2016
Electronic ISBN: 978-1-4799-8795-5