- Title
- An analysis of malware evasion techniques against modern AV engines
- Creator
- Haffejee, Jameel
- ThesisAdvisor
- Irwin, Barry
- ThesisAdvisor
- Motara, Yusuf
- ThesisAdvisor
- Schoeman, Adam
- Date
- 2015
- Type
- Thesis
- Type
- Masters
- Type
- MSc
- Identifier
- vital:20979
- Identifier
- http://hdl.handle.net/10962/5821
- Description
- This research empirically tested the response of antivirus applications to binaries that use virus-like evasion techniques. In order to achieve this, a number of binaries are processed using a number of evasion methods and are then deployed against several antivirus engines. The research also documents the process of setting up an environment for testing antivirus engines, including building the evasion techniques used in the tests. The results of the empirical tests illustrate that an attacker can evade multiple antivirus engines without much effort using well-known evasion techniques. Furthermore, some antivirus engines may respond to the occurrence of an evasion technique instead of the presence of any malicious code. In practical terms, this shows that while antivirus applications are useful for protecting against known threats, their effectiveness against unknown or modified threats is limited.
- Format
- 123 leaves, pdf
- Publisher
- Rhodes University, Faculty of Science, Computer Science
- Language
- English
- Rights
- Haffejee, Jameel
- Hits: 914
- Visitors: 1002
- Downloads: 139
Collections
RU Department of Computer Science
| Thumbnail | File | Description | Size | Format | |||
|---|---|---|---|---|---|---|---|
| View Details | SOURCE1 | Adobe Acrobat PDF | 488 KB | Adobe Acrobat PDF | View Details |