A Malware Obfuscation AI Technique to Evade Antivirus Detection in Counter Forensic Domain

Chapter in: Enabling AI Applications in Data Science

Abstract

Data obfuscation is the process of converting a constant or a variable into the computational result of several constants, so that the resulting file is harder for anti-malware engines to detect or analyze. In recent years, malware-based attacks have been considered one of the most serious Internet threats; since the majority of Internet users depend on antivirus software as their protection tool, attackers use obfuscation techniques to achieve high evasion rates against different antivirus products. In this paper, we introduce multiple techniques, organized in four stages, that help malware avoid anti-malware tools; these techniques were developed mainly to provide a high evasion rate against the dynamic analysis techniques of anti-malware systems. The evasion success rate of our samples was tested with Kaspersky, VirusTotal and VirusScan, and the results of our experiment were then compared with other obfuscation techniques to establish the success level of the experiment and to extract its strengths and weaknesses for possible future work.

Corresponding author

Correspondence to Ahmed A. Mawgoud.

Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Mawgoud, A.A., Rady, H.M., Tawfik, B.S. (2021). A Malware Obfuscation AI Technique to Evade Antivirus Detection in Counter Forensic Domain. In: Hassanien, A.E., Taha, M.H.N., Khalifa, N.E.M. (eds) Enabling AI Applications in Data Science. Studies in Computational Intelligence, vol 911. Springer, Cham. https://doi.org/10.1007/978-3-030-52067-0_27
