Abstract

The quality of anti-virus software relies on simple patterns extracted from binary files. Although these patterns have proven effective at detecting specific pieces of software, they are extremely sensitive to concealment strategies such as polymorphism or metamorphism. These limitations also make anti-virus software predictable, which is itself a security weakness: any black hat with enough information about an anti-virus engine's behaviour can build their own copy of that behaviour without any access to the original implementation or signature database. In this work, we show that this is indeed possible by combining entropy patterns with classification algorithms. Our results, applied to 57 different anti-virus engines, show that we can mimic their behaviour on Windows disk-resident malware with an accuracy close to 98% in the best case and 75% in the worst.

Highlights

  • Malware is proliferating and growing exponentially every year, especially in the current software markets [1]

  • Understanding the decisions made by different anti-virus engines is achievable by combining entropy-based features and machine learning, as our tool, MimickAV, demonstrates

  • We have shown that for 57 anti-virus engines, MimickAV is able to imitate their behaviour with high accuracy, reaching up to 98% accuracy
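To make the "entropy patterns plus classification" idea in the abstract and highlights concrete, here is a small added example; it is not MimickAV or any code from the paper. It computes a sliding-window Shannon entropy profile over a byte buffer, summarises it into a fixed-length feature vector, and trains a nearest-centroid classifier to reproduce a binary "flagged / not flagged" decision. The window size, step, the 7.0 bits-per-byte "high entropy" threshold, the feature set and the training buffers are all assumptions constructed for the demonstration, not values from the paper.

```python
import math
import random
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Assumed parameters (not from the paper): window/step for the entropy profile
# and the per-byte entropy above which a window looks packed or encrypted.
WINDOW = 1024
STEP = 512
HIGH_ENTROPY = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, window: int = WINDOW, step: int = STEP) -> List[float]:
    """Entropy of each window across the buffer: the 'entropy pattern' of the file."""
    if len(data) <= window:
        return [shannon_entropy(data)]
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data) - window + 1, step)]


def feature_vector(data: bytes) -> List[float]:
    """Collapse the variable-length profile into a fixed-length vector a classifier can use."""
    prof = entropy_profile(data)
    return [
        sum(prof) / len(prof),                                   # mean entropy
        max(prof),                                               # peak entropy
        min(prof),                                               # lowest entropy
        sum(1 for e in prof if e >= HIGH_ENTROPY) / len(prof),   # share of high-entropy windows
    ]


def train_centroids(samples: Sequence[Tuple[bytes, int]]) -> Dict[int, List[float]]:
    """Nearest-centroid classifier: one mean feature vector per label."""
    sums: Dict[int, List[float]] = {}
    counts: Dict[int, int] = {}
    for data, label in samples:
        fv = feature_vector(data)
        acc = sums.setdefault(label, [0.0] * len(fv))
        for i, v in enumerate(fv):
            acc[i] += v
        counts[label] = counts.get(label, 0) + 1
    return {lab: [v / counts[lab] for v in acc] for lab, acc in sums.items()}


def predict(centroids: Dict[int, List[float]], data: bytes) -> int:
    """Label of the closest centroid (Euclidean distance in feature space)."""
    fv = feature_vector(data)
    return min(centroids, key=lambda lab: math.dist(fv, centroids[lab]))


# --- Constructed sample buffers (no real files or malware involved) -------------

def _random_bytes(seed: int, n: int) -> bytes:
    """Seeded pseudo-random bytes standing in for a packed/encrypted section."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def _text_bytes(n: int) -> bytes:
    """Repetitive ASCII standing in for plain code/data with low entropy."""
    line = b"This program cannot be run in DOS mode.\r\n"
    return (line * (n // len(line) + 1))[:n]


# Constructed training set: label 1 = "engine flags it", 0 = "engine does not flag it".
TRAINING: List[Tuple[bytes, int]] = [
    (_random_bytes(1, 4096), 1),
    (_random_bytes(2, 4096), 1),
    (_text_bytes(2048) + _random_bytes(3, 2048), 1),   # partially packed
    (_text_bytes(4096), 0),
    (_text_bytes(4096) + bytes(512), 0),
    (bytes(4096), 0),
]


def demo() -> Dict[str, int]:
    """Train on the constructed set and classify two unseen buffers."""
    centroids = train_centroids(TRAINING)
    return {
        "packed_like": predict(centroids, _random_bytes(99, 4096)),
        "text_like": predict(centroids, _text_bytes(3000)),
    }


if __name__ == "__main__":
    print(demo())
```

The classifier here is deliberately the simplest possible one; the point is the pipeline shape: bytes, entropy profile, fixed-length features, a model fitted to an engine's verdicts. Any stronger learner (trees, SVMs, gradient boosting) slots in at the `train_centroids`/`predict` boundary without changing the feature code.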


Introduction

Malware is proliferating and growing exponentially every year, especially in the current software markets [1]. This is due to several different reasons, some of which relate to Moore's law, which describes the exponential growth of technology, and others to the cybersecurity arms race. Emerging technologies, such as the internet of things [2], create new vulnerabilities that are routinely exploited. End users are normally unaware of the infections on their machines and rely on anti-viruses to deal with these threats. The reliability of anti-viruses is not the strongest line of defence, although several anti-virus companies are making strong efforts to deal with malware in a timely fashion.
