Authors: Cédric Herzog ; Valérie Viet Triem Tong ; Pierre Wilke ; Arnaud Van Straaten and Jean-Louis Lanet

Affiliation: Inria, CentraleSupélec, Univ. Rennes, CNRS, IRISA, Rennes, France

Keyword(s): Antivirus, Evasion, Windows Malware, Windows API.

Abstract: The perpetual opposition between antiviruses and malware leads both parties to evolve continuously. On the one hand, antiviruses put in place solutions that are more and more sophisticated and propose more complex detection techniques in addition to the classic signature analysis. This sophistication leads antiviruses to leave more traces of their presence on the machine they protect. To remain undetected as long as possible, malware can avoid executing within such environments by hunting down the modifications left by the antiviruses. This paper aims at determining the possibilities for malware to detect the antiviruses and then evaluating the efficiency of these techniques on a panel of antiviruses that are the most used nowadays. We then collect samples showing this kind of behavior and propose to evaluate a countermeasure that creates false artifacts, thus forcing malware to evade.

CC BY-NC-ND 4.0


Paper citation in several formats:
Herzog, C.; Tong, V.; Wilke, P.; Van Straaten, A. and Lanet, J. (2020). Evasive Windows Malware: Impact on Antiviruses and Possible Countermeasures. In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT; ISBN 978-989-758-446-6; ISSN 2184-7711, SciTePress, pages 302-309. DOI: 10.5220/0009816703020309

@conference{secrypt20,
author={Cédric Herzog and Valérie Viet Triem Tong and Pierre Wilke and Arnaud {Van Straaten} and Jean{-}Louis Lanet},
title={Evasive Windows Malware: Impact on Antiviruses and Possible Countermeasures},
booktitle={Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT},
year={2020},
pages={302-309},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009816703020309},
isbn={978-989-758-446-6},
issn={2184-7711},
}

TY - CONF
JO - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT
TI - Evasive Windows Malware: Impact on Antiviruses and Possible Countermeasures
SN - 978-989-758-446-6
IS - 2184-7711
AU - Herzog, C.
AU - Tong, V.
AU - Wilke, P.
AU - Van Straaten, A.
AU - Lanet, J.
PY - 2020
SP - 302
EP - 309
DO - 10.5220/0009816703020309
PB - SciTePress