Hackers use some fairly basic techniques to hide their malware code from antivirus software. This report discusses the more advanced options that hackers use, which illustrate the new tactics and technology needed for the detection of evasive malware:
- Anti-debugging and anti-disassembly: Malware developers know the process that malware researchers follow and the tools they use for threat hunting. Researchers and programmers use disassemblers and debuggers to work out what the code does (Lee & Park, 2016). There are many techniques for detecting disassemblers and debuggers, many of which rely on functions built into Windows.
- Rootkits: At the highest level, a rootkit is a combination of tools and techniques that burrow into a system and hide within the operating system (Alazab et al., 2014). Processors run code at different privilege levels, and attackers exploit this by tricking higher-privileged programs into granting them access. In a Windows or Linux environment there is a user space and a kernel space (Saracino et al., 2016); the kernel space is the most privileged. If malware needs to hide itself within the operating system, its files must be embedded into kernel space rather than user space.
- Code, DLL, and process injection: Process injection and dynamic-link library (DLL) injection are a family of techniques used to execute code in the context of another process (Narudin et al., 2016). Malware developers often use these techniques to run their code inside other Windows processes, for instance by injecting code into certain executable files of the Windows system. This makes it hard for malware detection software to tell whether the program is malicious: it already knows the host file is not malware, yet the code running inside it is. The process becomes difficult to find and kill. Malware is often hooked into a process that has network capabilities in order to mask its own malicious network usage (Shabtai et al., 2014). Over time, Microsoft has patched processes to limit the code injection techniques used by malware developers; however, malware developers keep finding new ways to inject code.
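The anti-debugging and injection points above both leave traces in a sample's import table, which is where static triage usually starts. The following Python is an added example, not code from the report or from any of the cited papers: it scores a list of imported Windows API names for the debugger checks and for the open-allocate-write-execute chain of remote-thread injection. The API groupings, the scoring thresholds and the two sample import lists are assumptions constructed for the demo; in practice the names would come from a PE parser such as pefile (the optional `imports_from_pe` helper shows that input path).

```python
"""Static triage of imported Windows API names.

Added example, not code from the report: it scores a sample's import list
for the anti-debugging checks and the remote-thread injection chain that
the report describes.  In practice the names come from a PE parser such
as pefile; the sample lists below are constructed for the demo.
"""
from typing import Iterable

# Functions commonly imported to detect an attached debugger.  Any one of
# them also appears in benign software (the C runtime imports
# IsDebuggerPresent), so a single hit is not evidence on its own.
ANTI_DEBUG_APIS = {
    "IsDebuggerPresent",
    "CheckRemoteDebuggerPresent",
    "NtQueryInformationProcess",
    "OutputDebugStringA",
    "OutputDebugStringW",
}

# Classic remote-thread injection needs one function from each step:
# open the target, allocate in it, write into it, start execution there.
INJECTION_CHAIN = (
    ("open", {"OpenProcess", "NtOpenProcess"}),
    ("allocate", {"VirtualAllocEx", "NtAllocateVirtualMemory"}),
    ("write", {"WriteProcessMemory", "NtWriteVirtualMemory"}),
    ("execute", {"CreateRemoteThread", "NtCreateThreadEx",
                 "RtlCreateUserThread", "QueueUserAPC"}),
)


def normalize(imports: Iterable) -> set:
    """Accept str or bytes names (pefile yields bytes); drop ordinal-only imports (None)."""
    names = set()
    for name in imports:
        if name is None:
            continue
        names.add(name.decode() if isinstance(name, bytes) else str(name))
    return names


def triage_imports(imports: Iterable) -> dict:
    """Return which evasion indicators are present and an overall verdict."""
    names = normalize(imports)
    anti_debug = sorted(names & ANTI_DEBUG_APIS)
    steps_present = [step for step, apis in INJECTION_CHAIN if names & apis]
    chain_complete = len(steps_present) == len(INJECTION_CHAIN)

    if chain_complete:
        verdict = "high"        # full write-and-execute path into another process
    elif len(steps_present) >= 2 or len(anti_debug) >= 2:
        verdict = "medium"      # partial chain or layered debugger checks
    else:
        verdict = "low"

    return {
        "anti_debug": anti_debug,
        "injection_steps": steps_present,
        "injection_chain_complete": chain_complete,
        "verdict": verdict,
    }


def imports_from_pe(path: str) -> list:
    """Real-world input: pull import names out of a PE file with pefile."""
    import pefile  # third-party: pip install pefile
    pe = pefile.PE(path)
    names = []
    for entry in getattr(pe, "DIRECTORY_ENTRY_IMPORT", []):
        names.extend(imp.name for imp in entry.imports if imp.name)
    return names


# Constructed sample import lists (not taken from any real binary).
SAMPLE_INJECTOR = [
    b"GetProcAddress", b"LoadLibraryA", b"IsDebuggerPresent",
    b"CheckRemoteDebuggerPresent", b"OpenProcess", b"VirtualAllocEx",
    b"WriteProcessMemory", b"CreateRemoteThread", b"CloseHandle",
]
SAMPLE_BENIGN = [
    b"CreateFileW", b"ReadFile", b"WriteFile", b"CloseHandle",
    b"MessageBoxW", b"IsDebuggerPresent",
]

if __name__ == "__main__":
    for label, sample in (("injector", SAMPLE_INJECTOR), ("benign", SAMPLE_BENIGN)):
        print(label, triage_imports(sample))
```

The point of scoring combinations rather than single names is the false-positive problem the report hints at: a lone `IsDebuggerPresent` is imported by ordinary C runtime code, whereas all four steps of the injection chain together rarely appear in software that has no business reaching into other processes.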
These are some of the most commonly used procedures by which malware developers evade antivirus software (Yerima, Sezer & McWilliams, 2014). Other approaches include binding techniques, which attach the illegitimate program to a legitimate executable, and timing the attack to avoid automated analysis (Tang, Sethumadhavan & Stolfo, 2014). Most of the evasion techniques discussed here work by injecting code and defeating signature-based detection. Other malware can change the appearance of the program and the way it works, so that the file cannot be identified.
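Since the report's point is that these techniques defeat signature-based detection, defenders complement signatures with behavioural telemetry, where injection shows up as one process creating a thread in, or opening a write-and-execute handle to, another. The following Python is an added example (not code from the report or the cited papers) that runs such a check over Sysmon-style CreateRemoteThread (event 8) and ProcessAccess (event 10) records. The event lines, their simplified `key=value|key=value` layout, the high-value target set and the allowlist are all constructed assumptions; the access-right constants are the standard Windows values.

```python
"""Behavioural detection of process injection from Sysmon-style events.

Added example, not part of the report.  The event lines are constructed for
the demo in a simplified 'key=value|key=value' layout; the field names
(EventID, SourceImage, TargetImage, GrantedAccess) follow Sysmon's
CreateRemoteThread (event 8) and ProcessAccess (event 10) events.
"""
from typing import Iterable

# Access rights an injector needs on its target process (winnt.h values).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Long-lived processes that are expected to use the network, which makes
# them attractive hosts for injected code (assumed set for the example).
HIGH_VALUE_TARGETS = {"explorer.exe", "svchost.exe", "lsass.exe",
                      "chrome.exe", "firefox.exe", "outlook.exe"}

# Paths a standard user can write to; code running from here that reaches
# into another process is more suspicious than a signed system binary.
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\programdata\\")

# Sources that legitimately touch other processes; tune for your estate.
DEFAULT_ALLOWLIST = {r"c:\windows\system32\csrss.exe"}


def parse_event(line: str) -> dict:
    """Turn 'k=v|k=v' into a dict; only the first '=' of each part splits."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect(lines: Iterable[str], allowlist=DEFAULT_ALLOWLIST) -> list:
    """Return one alert dict per suspicious cross-process event."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        source = ev.get("SourceImage", "")
        target = ev.get("TargetImage", "")
        if not source or not target or source.lower() == target.lower():
            continue                       # no cross-process access to judge
        if source.lower() in allowlist:
            continue
        reasons = []
        if ev.get("EventID") == "8":
            reasons.append("remote thread created in another process")
        elif ev.get("EventID") == "10":
            granted = int(ev.get("GrantedAccess", "0"), 16)
            if (granted & INJECT_MASK) == INJECT_MASK:
                reasons.append("handle with create-thread, VM-operation and VM-write rights")
        if not reasons:
            continue                       # read-only or query-only access
        if basename(target) in HIGH_VALUE_TARGETS:
            reasons.append(f"target {basename(target)} is a high-value host")
        if any(m in source.lower() for m in USER_WRITABLE_MARKERS):
            reasons.append("source runs from a user-writable path")
        alerts.append({"event": ev.get("EventID"), "source": source,
                       "target": target, "reasons": reasons})
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    r"EventID=1|Image=C:\Windows\System32\notepad.exe|CommandLine=notepad.exe",
    r"EventID=8|SourceImage=C:\Users\alice\AppData\Local\Temp\update.exe|TargetImage=C:\Windows\explorer.exe|StartAddress=0x00007FF6A1B20000",
    r"EventID=10|SourceImage=C:\Windows\System32\taskmgr.exe|TargetImage=C:\Program Files\Google\Chrome\Application\chrome.exe|GrantedAccess=0x1010",
    r"EventID=10|SourceImage=C:\Users\alice\AppData\Local\Temp\update.exe|TargetImage=C:\Windows\System32\svchost.exe|GrantedAccess=0x1F0FFF",
    r"EventID=8|SourceImage=C:\Windows\System32\csrss.exe|TargetImage=C:\Windows\explorer.exe|StartAddress=0x00007FFA12340000",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The `GrantedAccess` check is what separates injection-capable handles from the far more common query and read handles (task managers and backup agents open those constantly), and the allowlist is the knob that keeps known thread-creating system components from flooding the queue; both would need local tuning before use.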
References
Alazab, A., Hobbs, M., Abawajy, J., Khraisat, A., & Alazab, M. (2014). Using response action with intelligent intrusion detection and prevention system against web application malware. Information Management & Computer Security, 22(5), 431-449. Available at: https://dro.deakin.edu.au/eserv/DU:30070785/hobbs-usingreponse-post-2014.pdf
Lee, J. K., & Park, J. H. (2016). HB-DIPM: Human Behavior Analysis-Based Malware Detection and Intrusion Prevention Model in the Future Internet. Journal of information processing systems, 12(3), 489-501. Available at: https://www.papersearch.net/thesis/article.asp?KEY=3482634
Narudin, F. A., Feizollah, A., Anuar, N. B., & Gani, A. (2016). Evaluation of machine learning classifiers for mobile malware detection. Soft Computing, 20(1), 343-357. Available at: https://pdfs.semanticscholar.org/cf6b/5797d922678f0f03a8bbad96b0d7482d8c02.pdf
Saracino, A., Sgandurra, D., Dini, G., & Martinelli, F. (2016). Madam: Effective and efficient behavior-based android malware detection and prevention. IEEE Transactions on Dependable and Secure Computing. Available at: https://www.micansinfotech.com/VIDEO-ABSTRACT-NS2-2016/MADAM%20Effective%20and%20Efficient%20Behavior-based.pdf
Shabtai, A., Tenenboim-Chekina, L., Mimran, D., Rokach, L., Shapira, B., & Elovici, Y. (2014). Mobile malware detection through analysis of deviations in application network behavior. Computers & Security, 43, 1-18. Available at: https://sci-hub.cc/10.1016/j.cose.2014.02.009
Tang, A., Sethumadhavan, S., & Stolfo, S. J. (2014, September). Unsupervised anomaly-based malware detection using hardware features. In International Workshop on Recent Advances in Intrusion Detection (pp. 109-129). Springer, Cham. Available at: https://arxiv.org/pdf/1403.1631.pdf
Yerima, S. Y., Sezer, S., & McWilliams, G. (2014). Analysis of Bayesian classification-based approaches for Android malware detection. IET Information Security, 8(1), 25-36. Available at: https://arxiv.org/ftp/arxiv/papers/1608/1608.05812.pdf