Obfuscation-based Malware Update: A comparison of Manual and Automated Methods
Keywords: Security, Malware, obfuscation techniques, cyberspace, antivirus
Abstract: This research presents a proposal for malware classification and its update based on capacity and obfuscation. This article is an extension of a, and describes the procedure for malware updating, that is, taking obsolete malware that is already detectable by antiviruses and updating it through obfuscation techniques, thus making it undetectable again. As the updating of malware is generally performed manually, an automatic solution is presented together with a comparison from the standpoint of cost and processing time. The automated method proved to be more reliable, faster and less resource-intensive, especially in terms of antivirus analysis and malware functionality checking times.
ONLINE OPEN ACCESS: Access to the full text of each article and each issue is allowed for free under the Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) license.
You are free to:
- Share: copy and redistribute the material in any medium or format;
- Adapt: remix, transform, and build upon the material.
The licensor cannot revoke these freedoms as long as you follow the license terms.
DISCLAIMER: The author(s) of each article appearing in International Journal of Computers Communications & Control is/are solely responsible for the content thereof; the publication of an article shall not constitute or be deemed to constitute any representation by the Editors or Agora University Press that the data presented therein are original, correct or sufficient to support the conclusions reached or that the experiment design or methodology is adequate.