Obfuscation-based Malware Update: A comparison of Manual and Automated Methods

Authors

  • Cristian Barría, Pontificia Universidad Católica de Valparaíso, Valparaíso, Chile
  • David Cordero, Universidad Andrés Bello, Santiago, Chile
  • Claudio Cubillos, Pontificia Universidad Católica de Valparaíso, Valparaíso, Chile
  • Miguel Palma, Universidad Tecnológica de Chile, Santiago, Chile
  • Daniel Cabrera, Universidad de Valparaíso, Valparaíso, Chile

Keywords:

Security, Malware, obfuscation techniques, cyberspace, antivirus

Abstract

This research presents a proposal for classifying malware and updating it based on capacity and obfuscation. This article is an extension of [4] and describes the procedure for malware updating, that is, taking obsolete malware that is already detectable by antivirus products, updating it through obfuscation techniques and thus making it undetectable again. Since malware updating is generally performed manually, an automated solution is presented together with a comparison from the standpoint of cost and processing time. The automated method proved to be more reliable, faster and less resource-intensive, especially in terms of antivirus analysis and malware functionality checking times.

References

Balakrishnan A., Schulze C. (2005), Code obfuscation literature survey, CS701 Construction of Compilers, vol. 19, 2005.

Bazrafshan Z., Hashemi H., Fard S. M. H., Hamzeh A. (2013), Survey on heuristic malware detection techniques, Information and Knowledge Technology (IKT), 2013 5th Conference on, 113-120, 2013. https://doi.org/10.1109/IKT.2013.6620049

Balakrishnan A., Schulze C. (2010), Code obfuscation literature survey, CS701 Construction of Compilers, URL http://pages.cs.wisc.edu/~arinib/writeup.pdf, 19, 1-10, 2005.

Barria C., Cordero D., Cubillos C., Palma M. (2016), Proposed classification of malware, based on obfuscation, 2016 6th International Conference on Computers Communications and Control (ICCCC), IEEE Xplore 2016, ISBN: 978-1-5090-1735-5, 37-44, 2016. https://doi.org/10.1109/ICCCC.2016.7496735

Barria C., Cordero D., Cubillos C., Osses R. (2016), Obfuscation procedure based in dead code insertion into crypter, 2016 6th International Conference on Computers Communications and Control (ICCCC), IEEE Xplore 2016, ISBN: 978-1-5090-1735-5, 23-29, 2016. https://doi.org/10.1109/ICCCC.2016.7496733

Egele M., Scholte T., Kirda E., Kruegel C. (2008), A Survey on Automated Dynamic Malware-analysis Techniques and Tools, ACM Comput. Surv., 44(2), 1-6, 2008. https://doi.org/10.1145/2089125.2089126

Khurram M., Syed Noor-ul-Hassan S., Zikria Y. B., Nassar I. (2010), Evading Virus Detection Using Code Obfuscation, Future Generation Information Technology: Second International Conference, FGIT 2010, 394-401, 2010.

Konstantinou E., Wolthusen S. (2008), Metamorphic virus: Analysis and detection, Technical report, Royal Holloway University of London, vol. 15, 2008.

Kolter J., Maloof M. (2006), Learning to Detect and Classify Malicious Executables in the Wild, Journal of Machine Learning Research, 7(7), 2721-2744, 2006.

Kumar A., Shrivastava V. (2013), BASIC: Brief Analytical Survey on Metamorphic Code, International Journal of Advanced Research in Computer and Communication Engineering, 2(9), 1-5, 2013.

Kumar B., Prajapati A. (2013), Modelling and Simulation: CyberWar, Procedia Technology, 10, 987-997, 2013. https://doi.org/10.1016/j.protcy.2013.12.447

Livingston W. (2007), COTS: Commercial Off-The-Shell for Custom Off-The-Shelf, CrossTalk, www.stsc.hill.af.mil, 31-31, 2007

Neumann J. (1966), Theory of self-reproducing automata, University of Illinois Press, Edited and completed by A. Burks, 1966.

ISO 9241-11:1998, Ergonomic requirements for office work with visual display terminals (VDTs) - Part 11: Guidance on usability, March 1998. [Online]

TrendMicro (2013), 2013 Annual Security Roundup: Cashing in on Digital Information, 2013. [Online] Available: www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-cashing-in-on-digital-information.pdf

Pasamar A. (2013), CRYPTERS: Localizando firmas de los antivirus, September 2013. [Online] Available: www.securitybydefault.com/2013/09/crypters-localizando-firmas-delos.html [Last Access: September 28 2016].

Rad B., Masrom M., Ibrahim S. (2012), Camouflage in malware: from encryption to metamorphism, International Journal of Computer Science and Network Security, 12, 74-83, 2012.

Vinod P., Jaipur R., Laxmi R., Gaur M. (2009), Survey on malware detection methods, Proceedings of the 3rd Hackers' Workshop on Computer and Internet Security, 74-79, 2009.

You I., Yim K. (2010), Malware obfuscation techniques: A brief survey, Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications, 297-300, 2010. https://doi.org/10.1109/BWCCA.2010.85

Zhang Q., Reeves D. (2007), MetaAware: Identifying metamorphic malware, Computer Security Applications Conference, ACSAC 2007, 411-420, 2007. https://doi.org/10.1109/ACSAC.2007.9

Published

2017-06-29
