• DocumentCode
    2927502
  • Title

    Investigation of bypassing malware defences and malware detections

  • Author

    Daryabar, Farid ; Dehghantanha, Ali ; Udzir, Nur Izura

  • Author_Institution
    Asia Pacific Univ. Coll. of Technol. & Innovation, Kuala Lumpur, Malaysia
  • fYear
    2011
  • fDate
    5-8 Dec. 2011
  • Firstpage
    173
  • Lastpage
    178
  • Abstract
    Nowadays, malware incidents are among the most expensive damages caused by attackers. Malware causes different attacks, so the consideration and implementation of malware defences for internal networks are important. In this paper, different techniques such as repacking, reverse engineering and hex editing for bypassing host-based Anti Virus (AV) signatures are illustrated, and the description and comparison of different channels and methods by which malware might reach the host from outside the networks are demonstrated. After that, bypassing HTTP/SSL and SMTP malware defences as channels is discussed. Finally, as it is important to find and detect new and unknown malware before the malware gets to the victims, a new malware detection technique based on honeynet systems is surveyed.
  • Keywords
    digital signatures; invasive software; reverse engineering; HTTP-SSL; SMTP; hex editing; honeynet systems; host based anti virus signatures; internal networks; malware defence bypassing; malware detections; repacking; reverse engineering; Companies; Encryption; Engines; Internet; Logic gates; Malware; Anti Viruses; Bypassing malware; Honeynet; Malware defences; Penetration Testing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security (IAS), 2011 7th International Conference on
  • Conference_Location
    Melaka
  • Print_ISBN
    978-1-4577-2154-0
  • Type

    conf

  • DOI
    10.1109/ISIAS.2011.6122815
  • Filename
    6122815