GALLORO NICOLA | Cycle: XXXIV
Section: Computer Science and Engineering
Tutor: TANCA LETIZIA
Advisor: ZANERO STEFANO
Major Research topic: Detection and analysis of dynamic evasion behaviours in modern malware samples
Abstract:
The security landscape is continuously evolving and modern threats are becoming more and more sophisticated. A common threat that plagues many users and corporations is malware, usually in the form of an executable. Analysing malware has become a thriving and remunerative activity, and both researchers and companies have developed sophisticated analysis systems. However, given the adversarial nature of the field, modern malware samples are able to evade analysis systems. These evasion behaviours are particularly interesting in the dynamic analysis context, where malware samples try to interfere with or terminate manual and automated analysis in dynamic analysis systems. The analysis thus remains incomplete and frustrating until these evasive behaviours are identified and hindered. A solution is to run the malware inside an anti-evasion system that is able to detect and hinder the evasion techniques in order to reach the full execution of the malware sample. The development of this system requires full knowledge of the evasion techniques exploited in the wild and a stealthy layer that is able to intercept those behaviours in the form of system events. The most interesting evasion techniques have been selected from the literature and the anti-evasion layer has been implemented inside a Dynamic Binary Instrumentation (DBI) framework. The DBI tool is injected into the binary at runtime and system events are collected to perform a deeper analysis. The final result is both an anti-evasion framework and a measurement study on the distribution of evasive malware targeting the Windows platform.