Malware Obfuscation through Evolutionary Packers / Marco, Gaudesi; Marcelli, Andrea; SANCHEZ SANCHEZ, EDGAR ERNESTO; Squillero, Giovanni; Alberto, Tonda. - Print. - (2015), pp. 757-758. (Paper presented at the GECCO conference) [10.1145/2739482.2764940].

Malware Obfuscation through Evolutionary Packers

MARCELLI, ANDREA;SANCHEZ SANCHEZ, EDGAR ERNESTO;SQUILLERO, Giovanni;
2015

Abstract

A malicious botnet is a collection of compromised hosts coordinated by an external entity. The malicious software, or malware, that infects the systems is its basic unit and is responsible for its global behavior. Antivirus software and Intrusion Detection Systems detect botnets by analyzing the network and files, looking for signatures and known behavioral patterns. Thus, the malware's hiding capability is a crucial aspect. This paper describes a new obfuscation mechanism based on evolutionary algorithms: an evolutionary core is embedded in the malware to generate a different, optimized hiding strategy for every single infection. Such always-changing, hard-to-detect malware can be used by the security industry to stress analysis methodologies and to test the ability to react to malware mutations. This research is the first step in a more ambitious research project, where a whole botnet, composed of different malware and antivirus software, is analyzed as a prey-predator ecosystem.
9781450334884

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2639182
Warning! The data displayed have not been validated by the university.