Title: Advanced or not? A comparative study of the use of anti-debugging and anti-VM techniques in generic and targeted malware
Authors: Chen, Ping; Huygens, Christophe; Desmet, Lieven; Joosen, Wouter
Issue Date: 1-Jun-2016
Publisher: Springer
Host Document: ICT Systems Security and Privacy Protection vol:471 pages:323-336
Series Title: IFIP Advances in Information and Communication Technology
Conference: IFIP TC 11 International Conference, SEC 2016 edition:31 location:Gent, Belgium date:May 30 - June 1, 2016
Abstract: Malware is becoming more and more advanced. As part of the sophistication, malware typically deploys various anti-debugging and anti-VM techniques to prevent detection. In this paper, we investigate the use of anti-debugging and anti-VM techniques in modern malware, and compare their presence in 16,246 generic and 1,037 targeted malware samples (APTs). As part of this study we found several counter-intuitive trends. In particular, our study concludes that targeted malware does not use more anti-debugging and anti-VM techniques than generic malware, although targeted malware tends to have a lower antivirus detection rate. Moreover, this paper even identifies a decrease over time of the number of anti-VM techniques used in APTs and the Winwebsec malware family.
Publication status: published
KU Leuven publication type: IC
Appears in Collections: Informatics Section

Files in This Item:
File Description Status Size Format
ifipsec2016-chen.pdf Accepted 485Kb Adobe PDF

