Antivirus Research Articles

FCG-MFD: Benchmark function call graph-based dataset for malware family detection

Cyber crimes related to malware families are on the rise. This growth persists despite the prevalence of various antivirus software and approaches for malware detection and classification. Security experts have implemented Machine Learning (ML) techniques to identify these cyber-crimes. However, these approaches demand updated malware datasets for continuous improvements amid the evolving sophistication of malware strains. Thus, we present the FCG-MFD, a benchmark dataset with extensive Function Call Graphs (FCG) for malware family detection. This dataset guarantees resistance against emerging malware families by enabling security systems. Our dataset has two sub-datasets (FCG & Metadata) (1,00,000 samples) from VirusSamples, Virusshare, VirusSign, theZoo, Vx-underground, and MalwareBazaar curated using FCGs and metadata to optimize the efficacy of ML algorithms. We suggest a new malware analysis technique using FCGs and graph embedding networks, offering a solution to the complexity of feature engineering in ML-based malware analysis. Our approach to extracting semantic features via the Natural Language Processing (NLP) method is inspired by tasks involving sentences and words, respectively, for functions and instructions. We leverage a node2vec mechanism-based graph embedding network to generate malware embedding vectors. These vectors enable automated and efficient malware analysis by combining structural and semantic features. We use two datasets (FCG & Metadata) to assess FCG-MFD performance. F1-Scores of 99.14% and 99.28% are competitive with State-of-the-art (SOTA) methods.

دراسة تطبيقية عن دور إدارة المخاطر في تعزيز الأمن السيبراني للمؤسسات الصغيرة والمتوسطة في المملكة العربية السعودية

This study aimed to evaluate and improve cyber risk management in small and medium enterprises in the Kingdom of Saudi Arabia. The study relied on the descriptive, analytical and inductive approach, using data collection tools such as questionnaires, interviews and case studies. The most prominent results were weak level of use of information technology among 50% of employees. Shipping and delivery procedures policy is the most used at 33%. Antivirus software is the most used security technology at 40%. Fake audio and video attacks represent the biggest obstacle to cyber risk management at 30%. 50% of employees are aware of cyber risks. There is a strong correlation (89%) between employee awareness and cyber risk management. Key recommendations include raising awareness, developing comprehensive policies, conducting periodic risk assessments, investing in modern technologies, building a strong security culture, and providing qualified human resources.

Leveraging Advanced Machine Learning Algorithms for Enhanced Cyberattack Detection on U.S. Business Networks

Cyberattacks' rising volume and sophistication have made conventional security measures, such as firewalls, signature-based intrusion detection systems, and antivirus software, increasingly inadequate. The upsurge of cyber threats has been one of the most pressing predicaments for U.S. organizations in the digital age. With the increased dependence on internet-based forums, cloud computing, and interconnected networks, companies face an advancing number of extreme cyberattacks. The chief objective of this research project is to design and deploy proven machine learning methods to enhance the detection and combating of cyberattacks on U.S. organization networks. This research project retrieved a cyber-attack dataset from Kaggle.com, which had a collection of public datasets of cyber threats. This dataset was curated precisely, offering a realistic representation of cyber-attack scenarios, making it an ideal playground for various analytical tasks. The collection was classified as per the source of the relevant information, such as host-based datasets, network traffic datasets, malware or fraud reports, or a special section for datasets that can be classified according to a specific source. The dataset comprised numerous network traffic attributes such as source and destination IP addresses, ports, protocol, payload size, and attack labels. For this research project, three machine learning algorithms were used, namely: Logistic Regression, XG-Boost and Random Forest. This research project applied performance metrics such as accuracy, precision, recall, and F1 score for the performance of the classification models were considered. The result illustrated that the random forest model was far superior in accuracy compared to the logistic regression model; particularly, it had excellent accuracy. Through the use of advanced machine learning models, organizations will be in a position to devise more dynamic and intelligent security systems that evolve with the threat landscape. These intelligent systems monitor every kind of anomaly, malicious activity, and threat response with unparalleled effectiveness. The findings of this research project have significant implications for enhancing cybersecurity in U.S. organizational networks.

Healthiness and Safety of Smart Environments through Edge Intelligence and Internet of Things Technologies

Smart environments exploit rising technologies like Internet of Things (IoT) and edge intelligence (EI) to achieve unseen effectiveness and efficiency in every tasks, including air sanitization. The latter represents a key preventative measure–made even more evident by the COVID-19 pandemic–to significantly reduce disease transmission and create healthier and safer indoor spaces, for the sake of its occupants. Therefore, in this paper, we present an IoT-based system aimed at the continuous monitoring of the air quality and, through EI techniques, at the proactively activation of ozone lamps, while ensuring safety in sanitization. Indeed, these devices ensure extreme effectiveness in killing viruses and bacteria but, due to ozone toxicity, they must be properly controlled with advanced technologies for preventing occupants from dangerous exposition as well as for ensuring system reliability, operational efficiency, and regulatory compliance.

CADefender: Detection of unknown malicious AutoLISP computer-aided design files using designated feature extraction and machine learning methods

Computer-aided design (CAD) files are used to create digital designs for various structures – from the smallest chips in the high-tech industry to large-scale buildings and bridges in the civil engineering space. We found that most exploits and malicious payloads are deployed through Auto List Processing (AutoLISP) source code (LSP) or Fast Load AutoLISP (FAS) files, which are non-executable files (NEFs) containing scripts in the AutoLISP language that are native to AutoCAD; While antivirus software is capable of detecting many malicious CAD files, the potential to improve protection by using a dedicated machine learning (ML) based detection solution remains, especially against unknown and sophisticated CAD malware. In this study, we are the first to propose designated feature extraction methods and a robust framework aimed at the detection of known and unknown AutoLISP malware using ML algorithms. To accomplish this, we examined the structure, functionality, and ecosystems of AutoLISP files and collected the largest known representative collection of LSP files consisting of 6418 malicious and benign files (labeled and verified). We then explored the use of two novel static-analysis-based feature extraction methods (knowledge-based and structural) designated for LSP files to extract a discriminative set of informative features, which can subsequently be used by ML models to detect malicious LSP files. These two feature extraction methods serve as the basis of the proposed detection framework, whose performance we comprehensively compare to both widely used antiviruses and baseline ML models based on existing feature extraction methods, including MinHash, Bidirectional Encoder Representations from Transformers (BERT), and n-gram. Our results highlight our methods' contributions to the detection of unknown AutoLISP malware and demonstrate their ability to outperform existing methods. The best performance in the task of unknown malicious LSP file detection was obtained by the Artificial Neural Networks (ANN) model trained on 100 knowledge-based features, which obtained a true positive rate (TPR) of 99.49% with a false positive rate (FPR) of 0.57%. Our framework's role in explainability is also highlighted, as we also present the prominent features that contribute most to the model's detection capabilities; this information can be used for explainability purposes. We conclude by evaluating the proposed framework's ability to detect a malicious file from an unknown AutoLISP malware family and by evaluating our framework on an additional independent test set that originated from another source, scenarios that are often faced by malware detection solutions.

Cyber Fraud, Causes and Its Effect on Money Deposit Banks

The study examined cyber fraud, causes and its effect on money deposit banks (DMB) in Nigeria: a study of Zenith Bank. The main objective is to examine electronic frauds, causes and its challenges in the banking sector. The study is hinged on two hypotheses; 49 branches; sample of 557 staff. Structured questionnaire was used to capture the response of the bank staff and it was analyzed using statistical package for social science version 27 (SPSS). Descriptive statistics and multiple regression were employed in the data analysis. Among the findings were accounting fraud by bank staff, identity theft, money laundering, phishing, pharming, computer virus, lack of oversight function,lack of standards, financial loss, absence of national central control, lack of credible infrastructure, porous internet, lack of national functional database, and inadequate awareness by bank customers were the challenges militating the effort towards curbing the cyber fraud in the banking system in Nigeria. The findings also revealed that cybercrime reduced productivity; vulnerability of banks Information and Communication Technology (ICT) systems and security audit. The study recommends adequate antivirus and antimalware software technology and the use of multi-factor authentication, use of biometrics, automatic logout are the solutions identified to curb cybercrimes in banks. The study concluded that the place of security in the cyber space of banks in Nigeria cannot be oversemphasied, therefore necessary measures should be put in place towards mitigating cybercrime in Zenith Bank. Equally, Zenith Bank should employ stringent measures to monitor staff activities especially in the confidentiality of customer information, cyber security audit should be done on regular basis, sensitization of bank customers, and Multifactor authentication, biometrics and automatic log out, and strong firewall should be adopted by Zenith Bank.

An Examination of Threats and Countermeasures Relating to Healthcare Cyber Risks: The Case of Kenyatta National Hospital

Background Africa has seen an exponential increase in internet penetration and ICT affordances since the turn of the twenty-first century. Healthcare institutions are scrambling to put in place the appropriate safeguards to protect their patients' data from unauthorized access since the need to protect private information has become critical, particularly for cybercriminals eyeing the data of medical patients. This thesis investigates cyber security threats and countermeasures in healthcare, with a focus on Kenyatta National Hospital (KNH). Given Africa's increased internet use and the critical need to protect patient data from cybercriminals, the study explores how data protection and cyber security influence healthcare delivery at the hospital.  Key Objectives To examine cyber threats and countermeasures employed by KNH as well as analyzing the impact of Kenya's Cybercrime Act.  Results The survey at Kenyatta National Hospital shows strong cybersecurity measures, with 89% having dedicated resources and 88% using computers regularly. Regarding the Kenya Cybercrime Act, 74% know how to detect and report hacks, though 8% have encountered malware and 12% lack basic malware knowledge. 78% have anti-virus software, and 63% verify email attachments, while knowledge of social engineering and email scams is limited, revealing a need for further education. The second objective looked at the impact of Kenya Cybercrime Act, as a local data protection laws on supporting patient- healthcare system at Kenyatta National Hospital. A significant majority, 74%, are aware of when their computer is hacked or infected and know whom to contact in such cases. The results also show that 79% of respondents have never encountered a virus or trojan on their computers. When opening email attachments, 63% of respondents always verify that the attachment is from a known and expected source. Knowledge of social engineering attacks is limited, with only 18% of respondents aware of these threats and 82% unfamiliar with them. Regarding email scams, 51% do not know what an email scam is or how to recognize one, underscoring a need for further training. Finally, while 85% of respondents believe their computers are not valuable to hackers, 15% recognize their potential as targets, reflecting differing perceptions of risk and emphasizing the need for ongoing cyber security education.

What helps adult learners with little formal schooling to develop basic digital skills?

In today’s world, having at least basic digital skills is essential in working, social, and family life. The present study uses grounded theory to explore ways in which people with little formal schooling engage with the digital world. Drawing on 54 semi-structured interviews, it describes how people with little IT experience from formal education obtain information about digital security, privacy, the functioning of antivirus software, software updates, and so on. We introduce the concepts of computer world and ministories which draw parallels between the online and offline worlds. While creating the concepts of computer world and ministories, we follow Richard Mayer’s theory of multimedia learning, and thus ministories are based on the appropriate combination of images and texts. The study attempts to answer the following general question: ‘Is it better to teach people how to work with specific apps for everyday use or teach them the principles that are behind them?’. This question should be asked when creating new approach in IT education and not only in lifelong learning.

Enhancing Linux System Security: A Kernel-Based Approach to Fileless Malware Detection and Mitigation

In the late 20th century, computer viruses emerged as powerful malware that resides permanently in target hosts. For a virus to function, it must load into memory from persistent storage, such as a file on a hard drive. Due to the significant destructive potential of viruses, numerous defense measures have been developed to protect computer systems. Among these, antivirus software is one of the most recognized and widely used. Typically, antivirus solutions rely on static analysis (signature-based) technologies to detect infections in files stored on permanent storage devices, such as hard drives or USB (Universal Serial Bus) flash drives. However, a new breed of malware, fileless malware, has been designed to evade detection and enhance durability. Fileless malware resides solely in the memory of the target hosts, circumventing traditional antivirus software, which cannot access or analyze processes executed directly from memory. This study proposes the Check-on-Execution (CoE) kernel-based approach to detect fileless malware on Linux systems. CoE intervenes by suspending code execution before a program executes code from a process’s writable and executable memory area. To prevent the execution of fileless malware, CoE extracts the code from memory, packages it with an ELF (Executable and Linkable Format) header to create an ELF file, and uses VirusTotal for analysis. Experimental results demonstrate that CoE significantly enhances a Linux system’s ability to defend against fileless malware. Additionally, CoE effectively protects against shell code injection attacks, including buffer and memory overflows, and can handle packed malware. However, it is important to note that this study focuses exclusively on fileless malware, and further research is needed to address other types of malware.

Recommendation mobile antivirus for Android smartphones based on malware detection

<p>The proliferation of smartphone malware attacks due to a lack of vigilance in app selection raises serious concerns. Built-in smartphone security features often must be improved to protect devices from these threats. Although numerous articles recommend top-tier antivirus solutions, there need to be more reliable data sources that raise suspicions about undisclosed promotional motives. This research endeavors to establish a ranking of antivirus efficacy to provide optimal recommendations for Android smartphone users. The research methodology entails a meticulous comparison of malware detection and labeling outcomes between various antivirus programs within Virustotal and the labeling system employed by the Euphony application. The comparative results are categorized into three groups: antivirus solutions proficient in identifying specific malware types, those detecting malware presence without categorization, and antivirus software failing to detect malware effectively. The experimental findings present the five leading antivirus solutions, ranked from the highest to lowest scores, as Ikarus, Fortinet, ESET-NOD32, Avast-Mobile, and SymantecMobileInsight. Based on the comprehensive assessment conducted in this study, these solutions are recommended as the top antivirus choices. These recommendations are poised to significantly aid users in selecting the most suitable antivirus protection for their Android smartphones.</p>

Digital Literacy, Skills, and Security: Impact on Digital Leadership in Higher Education

This research examines the influence of digital literacy and social media usage skills on digital leadership in higher education and the moderating role of digital security and antivirus software. This research uses the path analysis method with Smart PLS 4.0 software. They were conducted from January to February 2024, involving 100 management program students using the saturated sampling method. The research results show that digital literacy and social media usage skills positively and significantly affect digital leadership. Digital security also has a positive impact on digital leadership. However, the hypothesis regarding antivirus and security systems as moderating variables was rejected, indicating that they did not increase the influence of digital security or social media skills on digital leadership. This research contributes to developing university curricula and leadership programs by integrating aspects of digital security. The model successfully identified significant influences on digital leadership with high reliability and validity. The rejection of some moderation hypotheses suggests that further research is needed to understand the dynamics between these variables, paving the way for refining the model and exploring other influencing factors.

Prediction of novel malware using hybrid convolution neural network and long short-term memory approach

The rapid evolution of network communication technologies has led to the emergence of new forms of malware and cybercrimes, posing significant threats to user safety, network infrastructure integrity, and data privacy. Despite efforts to develop advanced algorithms for detecting malicious activity, constructing models that are both accurate and reliable remains a challenge, especially in handling vast and dynamically shifting data patterns. The prevalent bag-of-words (BOW) method, while widely used, falls short in capturing crucial spatial and sequence information vital for detecting malware patterns. To address this challenge, the work presented in this paper proposes hybrid convolution neural network-long short-term memory network (CNN-LSTM) combination models, leveraging CNN's spatial information extraction and LSTM's temporal modeling capabilities. Focused on predicting the infiltration of malicious software into personal computers, the proposed hybrid CNN-LSTM model considers factors such as location, firmware version, operating system, and anti-virus software. The proposed models undergo training and evaluation using Microsoft's malware dataset, demonstrating superior performance compared to traditional CNN and LSTM models. The CNN-LSTM model achieves an impressive accuracy of 95% on the Microsoft malware dataset, highlighting its effectiveness in malware detection.

Early mitigation of CPU-optimized ransomware using monitoring encryption instructions

Ransomware attacks pose a significant threat to information systems. Server hosts, including cloud infrastructure as a service, are prime targets for ransomware developers. To address this, security mechanisms, such as antivirus software, have proven effective. Moreover, research on ransomware detection advocates for behavior-based finding mechanisms while ransomware is in operation. In response to evolving detections, ransomware developers are now adapting an optimized design tailored for CPU architecture (CPU-optimized ransomware). This variant can rapidly encrypt files, potentially evading detection by traditional antivirus methods that rely on fixed time intervals for file scans. In ransomware detection research, numerous files can be encrypted by CPU-optimized ransomware until malicious activity is detected. This study proposes an early mitigation mechanism named CryptoSniffer, which is designed specifically to counter CPU-optimized ransomware attacks on server hosts. CryptoSniffer focuses on the misuse of CPU architecture-specific encryption instructions for swift file encryption by CPU-optimized ransomware. This can be achieved by capturing the ciphertext in user processes and thwarting file encryption by scrutinizing the content intended for writing. To demonstrate the efficacy of CryptoSniffer, the mechanism was implemented in the latest Linux kernel, and its security and performance were systematically evaluated. The experimental results demonstrate that CryptoSniffer successfully prevents real-world CPU-optimized ransomware, and the performance overhead is well-suited for practical applications.

Analysis of problems and countermeasures in computer network engineering security

This paper analyzes the existing security issues in computer network engineering and proposes a series of countermeasures. To address the problems of hacker attacks and information leakage, it is recommended to strengthen network monitoring and the application of encryption technology. For the issues of malware and virus dissemination, it is advised to regularly update antivirus software and enhance employee security awareness training. Regarding network data leakage and privacy breaches, the use of secure transmission protocols and multi-factor authentication technology is advocated. For network security management and maintenance issues, establishing a sound security management system and emergency response plans is recommended to ensure the stable operation of network systems. Through the implementation of the above measures, the security level of computer network engineering can be effectively improved, ensuring the normal operation of network systems and the security of information.

Cyber Threats in the Health Sector in the DRC: Risks, Opportunities, Consequences and Preventive Measures

While hackers ravage the world, social media, banking and other accounts are hacked every day, but cyber threats in DRC are not taken very seriously. There is a total negligence on the part of the country's authorities and hospital managers and human lives are in danger. one of the large hospitals of Kinshasa HJ Hospital has always been faced with multiple problems concerning its system. Once I left to get tested, I found a crowd waiting for the results because their system was blocked. It took almost a week to find a solution to this problem. But no statement has been released regarding this issue. lives are in danger; personal data is not protected and no one is complaining. We encounter many diverse cases across the country. With a country of more than 100 million inhabitants, the country cannot escape this scourge. As in many other countries, healthcare facilities in the DRC are increasingly dependent on IT systems to manage patient records, appointments, medical prescriptions and other critical aspects of their operation. However, this increased reliance on information and communications technology (ICT) also exposes healthcare organizations to various online threats, such as cyberattacks, malware, ransomware, and data theft. These threats can have serious consequences, including disruption of healthcare services, disclosure of confidential patient data and even endangering lives. To combat these threats, it is crucial that healthcare facilities in the DRC implement robust cybersecurity measures. This includes raising staff awareness of IT security practices, implementing effective firewalls and antivirus software, regularly backing up data, and training and educating users on how to recognize and report malware. suspicious online activities. Additionally, close collaboration between health authorities, regulators, healthcare providers and cybersecurity experts is essential to develop effective policies and protocols to protect healthcare infrastructure and data from cyber threats. constantly evolving. 1 Published by Maxime Gautier, December 13 2023 We decided to put together this article to be able to enlighten the entire Congolese community, more specifically health establishments, and warn them about the dangers and risks of technology.

A Formal Concept Analysis approach to hierarchical description of malware threats

The problem of intelligent malware detection has become increasingly relevant in the industry, as there has been an explosion in the diversity of threats and attacks that affect not only small users, but also large organisations and governments. One of the problems in this field is the lack of homogenisation or standardisation in the nomenclature used by different antivirus programs for different malware threats. The lack of a clear definition of what a category is and how it relates to individual threats makes it difficult to share data and extract common information from multiple antivirus programs. Therefore, efforts to create a common naming convention and hierarchy for malware are important to improve collaboration and information sharing in this field.Our approach uses as a tool the methods of Formal Concept Analysis (FCA) to model and attempt to solve this problem. FCA is an algebraic framework able to discover useful knowledge in the form of a concept lattice and implications relating to the detection and diagnosis of suspicious files and threats. The knowledge extracted using this mathematical tool illustrates how formal methods can help prevent new threats and attacks. We will show the results of applying the proposed methodology to the identification of hierarchical relationships between malware.

Deep Learning-Based Detection of Android Malware using Graph Convolutional Networks (GCN)

The study is centered around identifying Android malware using deep learning methods through Graph Neural Networks (GNNs) and Graph Convolutional Networks (GCNs). With Android being widely used worldwide ensuring the security of released applications poses a challenge. Conventional malware detection techniques, like dynamic analysis have limitations in recognizing new malware types leading to a shift towards machine learning and deep learning solutions. The research introduces a malware detection system that employs GNNs particularly focusing on GCNs to analyze the relationships within an applications code by transforming APK files into graph formats. The system follows stages including data gathering, feature extraction, graph construction, model training and implementation. By concentrating on function call graphs the system proves effective in identifying software surpassing traditional machine learning methods in terms of accuracy, precision, recall and F1 score. The GCN based model shows enhancements over approaches with an accuracy rate of 95% compared to 89%, for traditional machine learning models. This progress highlights the potential of learning techniques in bolstering Android security. The system excels not in identifying software but also proves versatile, for different uses like screening apps, in stores and functioning as a standalone antivirus program.

Small Steps, Big Security: TAM-Powered Insights of Cybersecurity Adoption Among Small-And-Medium Entrepreneurs in Digital Business

Embracing digital business enhances company resilience, yet small and medium-sized enterprises (SMEs) often lack resources to combat cyber threats, unlike larger enterprises. Sophisticated cyberattacks surpass standard antivirus software, necessitating a shift in cybersecurity strategies. Therefore, this study aimed to investigate the relationship between knowledge, perceived usefulness, perceived ease of use, and the adoption of cybersecurity among small-and-medium entrepreneurs in Perak, Malaysia. Guided by the Technology Acceptance Model (TAM), this ongoing research employed a quantitative approach by distributing questionnaires to 400 digital entrepreneurs in the small and medium-sized business sectors in Perak. The findings revealed that the majority of entrepreneurs possessed a relatively high level of knowledge about cybersecurity. Furthermore, the study identified a strong positive correlation between knowledge and perceived usefulness (correlation coefficient r = 0.639), as well as a moderately positive correlation between knowledge and perceived ease of use (correlation coefficient r = 0.435) among small and medium entrepreneurs in Perak. Consequently, this study contributes to a better understanding of the Technology Acceptance Model (TAM) within the context of perceived usefulness, perceived ease of use, and the adoption of cybersecurity, thereby enriching the existing literature on cybersecurity among small and medium entrepreneurs in the era of digital business.

Dynamic behaviors of a modified computer virus model: Insights into parameters and network attributes

Securing computers is crucial to prevent data breaches, identity theft, and financial losses. Virus incursions disrupt operations, causing downtime and costly repairs. Protective measures, including anti-virus software and cybersecurity practices, maintain network integrity and reduce the spread of malware. Combining robust cybersecurity with green computing strategies ensures efficient energy usage and sustainable network environments, safeguarding against viruses while contributing to both security and environmental goals In this study, we explore the dynamic behaviors of a modified version of the computer virus model and elucidate the connection between its parameters and network attributes. We employ Banach’s and Schaefer’s fixed-point theorems to assess the existence and uniqueness of solutions of the suggested model. Furthermore, we establish sufficient conditions for Ulam–Hyers stability within the envisioned computer virus model. To analyze solution trajectories and the impact of various input factors on computer virus dynamics, we utilize an efficient numerical technique, providing insight into the relationships between model parameters and enabling the design of networks that minimize the risk of virus outbreaks under various bifurcation conditions.

Advanced Techniques of Malware Evasion and Bypass in the Age of Antivirus

The use of antivirus software as the main line of protection against growing cyber threats highlights the necessity of comprehending and resolving its limits. This study provides light on the ease of use and accessibility of tools used by hackers by carefully examining the complex terrain of malware evasion and bypass tactics. The persistent evolution of malware evasion and bypass techniques presents a significant cybersecurity challenge. The main objective is to educate users about the ever-changing hazards and provide them with the knowledge they need to properly strengthen their digital defenses. The literature analysis highlights the necessity for continued attention by establishing a strong correlation between the effectiveness of evasion strategies and their age and popularity. While modern antivirus software shows strong resistance against a range of tried-and-true techniques when updated on a regular basis, the study reveals a crucial component in its testing. This entails applying simple yet effective tweaks to well-known evasion techniques, demonstrating their capacity to fool even the most recent antivirus software. A thorough examination of malware evasion tactics, including both on-desk and in-memory approaches, is given in the methods section. Packing, obfuscators, protectors, reflective DLL injection, remote process memory injection, process hollowing, and inline hooking are all covered in detail in this paper. Subsequently, the study delves deeper into distinct evasion strategies, such defensive evasion through direct system calls and sophisticated evasion tactics, showcasing malware developers' versatility in evading antivirus and endpoint detection and response (EDR) systems.