MIMOSA: Reducing Malware Analysis Overhead with Coverings

01/18/2021
by   Mohsen Ahmadi, et al.

There is a growing body of malware samples that evade automated analysis and detection tools. Malware may measure fingerprints ("artifacts") of the underlying analysis tool or environment and change its behavior when artifacts are detected. While analysis tools can mitigate artifacts to reduce exposure, such concealment is expensive. However, not every sample checks for every type of artifact; analysis efficiency can be improved by mitigating only those artifacts most likely to be used by a sample. Using that insight, we propose MIMOSA, a system that identifies a small set of "covering" tool configurations that collectively defeat most malware samples with increased efficiency. MIMOSA identifies a set of tool configurations that maximize analysis throughput and detection accuracy while minimizing manual effort, enabling scalable automation to analyze stealthy malware. We evaluate our approach against a benchmark of 1535 labeled stealthy malware samples. Our approach increases analysis throughput over the state of the art on over 95% of these samples. We also investigate cost-benefit tradeoffs between the fraction of successfully-analyzed samples and the computing resources required. MIMOSA provides a practical, tunable method for efficiently deploying analysis resources.
