Countering cyber threats for industrial applications: An automated approach for malware evasion detection and analysis

Muzammil Noor, Haider Abbas, Waleed Bin Shahid

Research output: Contribution to journal › Article › peer-review

Abstract

The widespread adoption of the Internet of Things (IoT) in industrial systems has made malware propagation more voluminous and more sophisticated. Detection and prevention of these malware threats rely on automated dynamic analysis techniques. Malware writers, on the other hand, are resorting to analysis evasion techniques that pose a great deal of challenge for the malware research community. Various approaches, mostly based on virtual machines or emulators, have been proposed for the analysis of such evasive malware. However, the practicality of these approaches is still an open debate. This paper presents a malware analysis system capable of countering known malware evasion methods. A novel technique for detecting evasive malware behavior is presented, based on measuring the deviation of a program's or malware sample's observed behavior from its normal behavior. Evaluation and analysis show that this approach is effective at detecting variations in malware behavior. Moreover, the countermeasures implemented by the Analysis Evasion Malware Sandbox (AEMS) are effective for a large percentage of the malware samples analyzed.
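The abstract's core idea is that an evasive sample behaves differently when it believes it is being analyzed, so the gap between two behavior profiles of the same sample is itself a detection signal. The following is an added illustration of that idea and is not the AEMS code or the paper's metric. It assumes a sample is executed twice (once with environment probes answered like a sandbox, once answered like a real host), that each run yields a trace of "tick api(args)" lines, and that a weighted Jaccard distance over API-call counts is a reasonable deviation measure; the trace format, the probe list and the sample traces are all constructed for the example.

```python
"""Behaviour-deviation check for analysis-evasion detection (illustrative, not AEMS)."""
import re
from collections import Counter
from typing import Counter as CounterType, List, Optional, Tuple

# Trace line shape assumed for this example: "<tick> <api>(<args>)".
LINE_RE = re.compile(r"^\s*(\d+)\s+(\w+)\((.*)\)\s*$")

# APIs commonly used to probe for an analysis environment (assumed, illustrative list).
ENV_PROBES = {"IsDebuggerPresent", "RegOpenKeyExA", "GetSystemInfo", "GetTickCount", "cpuid"}

# Constructed traces, not captured from real malware. In the "sandbox" run the sample
# probes the environment, sleeps and exits (dormant); in the "host" run the same sample
# drops a file, persists and contacts a C2 (198.51.100.7 is a documentation address).
TRACE_SANDBOX = """\
1 IsDebuggerPresent()
2 RegOpenKeyExA(HKLM\\SYSTEM\\CurrentControlSet\\Services\\VBoxGuest)
3 GetSystemInfo()
4 Sleep(600000)
5 ExitProcess(0)
"""

TRACE_HOST = """\
1 IsDebuggerPresent()
2 RegOpenKeyExA(HKLM\\SYSTEM\\CurrentControlSet\\Services\\VBoxGuest)
3 GetSystemInfo()
4 CreateFileA(C:\\Users\\Public\\svc.exe)
5 WriteFile(C:\\Users\\Public\\svc.exe)
6 RegSetValueExA(HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run)
7 InternetOpenA()
8 InternetConnectA(198.51.100.7:443)
9 HttpSendRequestA(/gate.php)
10 CreateProcessA(C:\\Users\\Public\\svc.exe)
"""


def parse_trace(text: str) -> List[Tuple[str, str]]:
    """Parse trace lines into (api, args) tuples; reject malformed lines loudly."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"malformed trace line: {line!r}")
        calls.append((m.group(2), m.group(3)))
    return calls


def profile(calls: List[Tuple[str, str]]) -> CounterType[str]:
    """Behaviour profile: how often each API was called in the run."""
    return Counter(api for api, _ in calls)


def deviation(a: CounterType[str], b: CounterType[str]) -> float:
    """Weighted Jaccard distance between two profiles: 0.0 identical, 1.0 disjoint."""
    keys = set(a) | set(b)
    shared = sum(min(a[k], b[k]) for k in keys)
    total = sum(max(a[k], b[k]) for k in keys)
    return 0.0 if total == 0 else 1.0 - shared / total


def divergence_point(calls_a, calls_b) -> Optional[int]:
    """Index of the first call at which the two traces differ, or None if identical."""
    for i, (x, y) in enumerate(zip(calls_a, calls_b)):
        if x[0] != y[0]:
            return i
    return None if len(calls_a) == len(calls_b) else min(len(calls_a), len(calls_b))


def suspected_triggers(calls, split: int) -> List[str]:
    """Environment probes issued before the branch point: candidate evasion checks."""
    return [f"{api}({args})" for api, args in calls[:split] if api in ENV_PROBES]


def analyse(trace_sandbox: str, trace_host: str, threshold: float = 0.3) -> dict:
    """Compare the two runs and report deviation, verdict, branch point and triggers."""
    a, b = parse_trace(trace_sandbox), parse_trace(trace_host)
    score = deviation(profile(a), profile(b))
    split = divergence_point(a, b)
    return {
        "deviation": round(score, 3),
        "verdict": "evasive" if score >= threshold else "consistent",
        "branch_index": split,
        "triggers": suspected_triggers(a, split) if split is not None else [],
    }


if __name__ == "__main__":
    print(analyse(TRACE_SANDBOX, TRACE_HOST))
    print(analyse(TRACE_HOST, TRACE_HOST))
```

The branch index and the probe calls that precede it are what an analyst would act on: they point at the specific check (here the VirtualBox service key lookup and the system-information call) whose answer the sandbox should falsify to expose the dormant functionality. The threshold is arbitrary and would be calibrated on samples known to behave consistently.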
Original language: English
Pages (from-to): 249-261
Journal: Journal of Network and Computer Applications
Volume: 103
DOIs
Publication status: Published - 1 Feb 2018
Externally published: Yes

Keywords

  • Malware
  • Dormant functionality
  • Malware evasion detection
  • Analysis evasion malware sandbox
  • AEMS
  • Malware attribute enumeration
