Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks

Cited by: 23
Authors
Wressnegger, Christian [1]
Freeman, Kevin [2]
Yamaguchi, Fabian [1]
Rieck, Konrad [1]
Affiliations
[1] TU Braunschweig, Inst Syst Secur, Braunschweig, Germany
[2] Univ Gottingen, Inst Comp Sci, Gottingen, Germany
Source
PROCEEDINGS OF THE 2017 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (ASIA CCS'17) | 2017
Keywords
Anti-Virus; Malware; Signatures; Attacks;
DOI
10.1145/3052973.3053002
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Although anti-virus software has significantly evolved over the last decade, classic signature matching based on byte patterns is still a prevalent concept for identifying security threats. Anti-virus signatures are a simple and fast detection mechanism that can complement more sophisticated analysis strategies. However, if signatures are not designed with care, they can turn from a defensive mechanism into an instrument of attack. In this paper, we present a novel method for automatically deriving signatures from anti-virus software and discuss how the extracted signatures can be used to attack sensitive data with the aid of the virus scanner itself. To this end, we study the practicability of our approach using four commercial products and exemplarily demonstrate anti-virus assisted attacks in three different scenarios.
Pages: 587 - 598
Number of pages: 12
Related papers
39 in total
  • [1] A novel malware for subversion of self-protection in anti-virus
    Min, Byungho
    Varadharajan, Vijay
    SOFTWARE-PRACTICE & EXPERIENCE, 2016, 46 (03) : 361 - 379
  • [2] Automatic Discovery of Malware Signature for Anti-virus Cloud Computing
    Xu, Dawei
    Yu, Cunjiang
    ADVANCES IN MECHATRONICS, AUTOMATION AND APPLIED INFORMATION TECHNOLOGIES, PTS 1 AND 2, 2014, 846-847 : 1640 - 1643
  • [3] Toward Automatic Discovery of Malware Signature for Anti-Virus Cloud Computing
    Yan, Wei
    Wu, Erik
    COMPLEX SCIENCES, PT 1, 2009, 4 : 724 - 728
  • [4] Design, Implementation and Evaluation of a Novel Anti-Virus Parasitic Malware
    Min, Byungho
    Varadharajan, Vijay
    30TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, VOLS I AND II, 2015, : 2127 - 2133
  • [5] Euphony: Harmonious Unification of Cacophonous Anti-Virus Vendor Labels for Android Malware
    Hurier, Mederic
    Suarez-Tangil, Guillermo
    Dash, Santanu Kumar
    Bissyande, Tegawende F.
    Le Traon, Yves
    Klein, Jacques
    Cavallaro, Lorenzo
    2017 IEEE/ACM 14TH INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES (MSR 2017), 2017, : 425 - 435
  • [6] Study of an Anti-Virus Framework
    Zhang, Ming
    Chen, Wei
    PROCEEDINGS OF THE 2015 INTERNATIONAL CONFERENCE ON TEST, MEASUREMENT AND COMPUTATIONAL METHODS (TMCM 2015), 2015, 26 : 170 - 173
  • [7] Collection of the Main Anti-Virus Detection and Bypass Techniques
    Donadio, Jeremy
    Guerard, Guillaume
    Ben Amor, Soufian
    NETWORK AND SYSTEM SECURITY, NSS 2021, 2021, 13041 : 222 - 237
  • [8] Empirical Study on Anti-Virus Architecture for Container Platforms
    Han, Sung-Hwa
    Lee, Hoo-Ki
    Gim, Gwang-Yong
    Kim, Sung-Jin
    IEEE ACCESS, 2020, 8 : 134940 - 134949
  • [9] Systematic testing of anti-virus software
    Marx, A
    Rautenstrauch, C
    WIRTSCHAFTSINFORMATIK, 2003, 45 (04) : 435 - 443
  • [10] KUBO: A Framework for Automated Efficacy Testing of Anti-virus Behavioral Detection with Procedure-Based Malware Emulation
    Pruzinec, Jakub
    Quynh Anh Nguyen
    Baldwin, Adrian
    Griffin, Jonathan
    Liu, Yang
    PROCEEDINGS OF THE 13TH INTERNATIONAL WORKSHOP ON AUTOMATING TEST CASE DESIGN, SELECTION AND EVALUATION, A-TEST 2022, 2022, : 37 - 44