In this presentation we take a look at over a decade of research into the cat-and-mouse game of evasive malware vs. automated malware analysis systems. While the challenge of evasive malware is well known, few have ever comprehensively looked at the problem. We survey almost two hundred scholarly works, industry presentations, and studies of malware in the wild over the past decade to understand how we got to where we are today, and where this battle is going.
This presentation will systematically review i) malware evasion techniques used against automated dynamic malware analysis systems, ii) evasive behavior detection, and iii) evasion mitigation. We conclude by discussing future directions in both offensive and defensive research and novel ways of thinking about these problems that may help security practitioners.
Alexei Bulazel is a security researcher with River Loop Security. He has previously presented at venues such as Black Hat, ShmooCon, DeepSec/ROOTS, and USENIX WOOT, among others. A recent graduate of Rensselaer Polytechnic Institute (RPI), Alexei worked under Dr. Bülent Yener on developing anti-emulation techniques for malware.