Obfuscation-based Malware Update: A comparison of Manual and Automated Methods

Cristian Barría, David Cordero, Claudio Cubillos, Miguel Palma, Daniel Cabrera

Abstract


This research presents a proposal for malware classification and updating based on capacity and obfuscation. This article is an extension of [4] and describes the procedure for malware updating, that is, taking obsolete malware that is already detectable by antiviruses, updating it through obfuscation techniques and thus making it undetectable again. As malware updating is generally performed manually, an automated solution is presented together with a comparison from the standpoint of cost and processing time. The automated method proved to be more reliable, faster and less resource-intensive, especially in terms of antivirus analysis and malware functionality checking times.

Keywords


Security, Malware, obfuscation techniques, cyberspace, antivirus


References


Balakrishnan A., Schulze C. (2005), Code obfuscation literature survey, CS701 Construction of compilers, vol. 19, 2005.

Bazrafshan Z., Hashemi H., Fard S. M. H., Hamzeh A. (2013), Survey on heuristic malware detection techniques, Information and Knowledge Technology (IKT), 2013 5th Conference on, 113-120, 2013.
https://doi.org/10.1109/IKT.2013.6620049

Balakrishnan A., Schulze C. (2010), Code obfuscation literature survey, CS701 Construction of Compilers, URL http://pages.cs.wisc.edu/ arinib/writeup.pdf, 19, 1-10, 2005.

Barria C., Cordero D., Cubillos C., Palma M. (2016), Proposed classification of malware, based on obfuscation, 2016 6th International Conference on Computers Communications and Control (ICCCC), IEEE Xplore 2016, ISBN: 978-1-5090-1735-5, 37-44, 2016.
https://doi.org/10.1109/ICCCC.2016.7496735

Barria C., Cordero D., Cubillos C., Osses R. (2016), Obfuscation procedure based in dead code insertion into crypter, 2016 6th International Conference on Computers Communications and Control, IEEE Xplore 2016, ISBN: 978-1-5090-1735-5, 23-29, 2016.
https://doi.org/10.1109/ICCCC.2016.7496733

Egele M., Scholte T., Kirda E., Kruegel C. (2008), A Survey on Automated Dynamic Malware-analysis Techniques and Tools, ACM Comput. Surv., 44(2), 1-6, 2008.
https://doi.org/10.1145/2089125.2089126

Khurram M., Syed Noor-ul-Hassan S., Zikria Y. B., Nassar I. (2010), Evading Virus Detection Using Code Obfuscation, Future Generation Information Technology: Second International Conference, FGIT 2010, 394-401, 2010.

Konstantinou E., Wolthusen S. (2008), Metamorphic virus: Analysis and detection, Technical report, Royal Holloway University of London, vol. 15, 2008.

Kolter J., Maloof M. (2006), Learning to Detect and Classify Malicious Executables in the Wild, Journal of Machine Learning Research, 7(7), 2721-2744, 2006.

Kumar A., Shrivastava V. (2013), BASIC: Brief Analytical Survey on Metamorphic Code, International Journal of Advanced Research in Computer and Communication Engineering, 2(9), 1-5, 2013.

Kumar B., Prajapati A. (2013), Modelling and Simulation: CyberWar, Procedia Technology, 10, 987-997, 2013.
https://doi.org/10.1016/j.protcy.2013.12.447

Livingston W. (2007), COTS: Commercial Off-The-Shell for Custom Off-The-Shelf, CrossTalk, www.stsc.hill.af.mil, 31-31, 2007

Neumann J. (1996), Theory of self-reproducing automata, University of Illinois Press, Edited and completed by A. Burks, 1996.

[Online] ISO, 9241-11:1998, Ergonomic requirements for office work with visual display terminals (VDTs) - Part 11: Guidance on usability, March 1998.

[Online] Available: www.trendmicro.com/cloud-content/us/pdfs/securityintelligence/ reports/rpt- cashing-in-on-digital-information.pdf, TrendMicro, Roundup, 2013 Annual Security, 2013.

[Online]. Available: www.securitybydefault.com/2013/09/crypters-localizando-firmas- delos. html. A. Pasamar, CRYPTERS: Localizando firmas de los antivirus, September 2013. [Last Access: September 28 2016].

Rad B., Masrom M., Ibrahim S. (2012), Camouflage in malware: from encryption to metamorphism, International Journal of Computer Science and Network Security, 12, 74-83, 2012.

Vinod P., Jaipur R., Laxmi R., Gaur M. (2009), Survey on malware detection methods, Proceedings of the 3rd Hackers' Workshop on Computer and Internet Security, 74-79, 2009.

You I., Yim K. (2010), Malware obfuscation techniques: A brief survey, Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications, 297-300, 2010.
https://doi.org/10.1109/BWCCA.2010.85

Zhang Q., Reeves D. (2007), Metaaware: Identifying metamorphic malware, Computer Security Applications Conference, ACSAC 2007, 411-420, 2007.
https://doi.org/10.1109/acsac.2007.9




DOI: https://doi.org/10.15837/ijccc.2017.4.2961



Copyright (c) 2017 Cristian Barría, David Cordero, Claudio Cubillos, Miguel Palma, Daniel Cabrera

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.


INTERNATIONAL JOURNAL OF COMPUTERS COMMUNICATIONS & CONTROL (IJCCC), With Emphasis on the Integration of Three Technologies (C & C & C),  ISSN 1841-9836.
