Abstract
The use of anti-virus software has become something of an act of faith. A recent study showed that more than 80% of all personal computers have anti-virus software installed. However, the protection mechanisms in place are far less effective than users would expect. Malware analysis is a classic example of a cat-and-mouse game: as new anti-virus techniques are developed, malware authors respond with new ones to thwart analysis. Every day, anti-virus companies analyze thousands of malware samples that have been collected through honeypots; hence they restrict their research to already existing viruses. This article describes a novel method for malware obfuscation based on an evolutionary opcode generator and a special ad-hoc packer. The results can be used by the security industry to test the ability of their systems to react to malware mutations.
Notes
- 1. Note: tests were executed on Windows 7; ASLR is enabled by default.
Acknowledgments
Special thanks to Peter Ferrie, principal anti-virus researcher at Microsoft, for answering the questions, as well as for his comments and feedback on the latest malware obfuscation technologies.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Gaudesi, M., Marcelli, A., Sanchez, E., Squillero, G., Tonda, A. (2016). Challenging Anti-virus Through Evolutionary Malware Obfuscation. In: Squillero, G., Burelli, P. (eds) Applications of Evolutionary Computation. EvoApplications 2016. Lecture Notes in Computer Science, vol 9598. Springer, Cham. https://doi.org/10.1007/978-3-319-31153-1_11
DOI: https://doi.org/10.1007/978-3-319-31153-1_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31152-4
Online ISBN: 978-3-319-31153-1
eBook Packages: Computer Science, Computer Science (R0)