Tutorial: an Overview of Malware Detection and Evasion Techniques

Abstract: This tutorial presents and motivates various malware detection tools and illustrates their usage on a clear example. We demonstrate how statically-extracted syntactic signatures can be used for quickly detecting simple variants of malware. Since such signatures can easily be obfuscated, we also present dynamically-extracted behavioral signatures, which are obtained by running the malware in an isolated environment known as a sandbox. However, some malware can use sandbox detection to determine that it is running in such an environment and so avoid exhibiting its malicious behavior. To counteract sandbox detection, we present concolic execution, which can explore several paths of a binary. We conclude by showing how opaque predicates and JIT compilation can be used to hinder concolic execution.

Document type: Conference papers

Cited literature: 34 references

https://hal.inria.fr/hal-01964222
Contributor: Cassius Puodzius
Submitted on: Friday, December 21, 2018 - 6:10:43 PM
Last modification on: Wednesday, May 12, 2021 - 3:39:36 AM
Long-term archiving on: Friday, March 22, 2019 - 4:30:17 PM

File: main.pdf (files produced by the author(s))

Identifiers

  • HAL Id: hal-01964222, version 1

Citation

Fabrizio Biondi, Thomas Given-Wilson, Axel Legay, Cassius Puodzius, Jean Quilbeuf. Tutorial: an Overview of Malware Detection and Evasion Techniques. ISoLA 2018 - 8th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation, Oct 2018, Limassol, Cyprus. pp.1-23. ⟨hal-01964222⟩

Metrics

Record views: 362
File downloads: 2660