MIMOSA: Reducing Malware Analysis Overhead with Coverings

by   Mohsen Ahmadi, et al.

There is a growing body of malware samples that evade automated analysis and detection tools. Malware may measure fingerprints ("artifacts") of the underlying analysis tool or environment and change their behavior when artifacts are detected. While analysis tools can mitigate artifacts to reduce exposure, such concealment is expensive. However, not every sample checks for every type of artifact-analysis efficiency can be improved by mitigating only those artifacts most likely to be used by a sample. Using that insight, we propose MIMOSA, a system that identifies a small set of "covering" tool configurations that collectively defeat most malware samples with increased efficiency. MIMOSA identifies a set of tool configurations that maximize analysis throughput and detection accuracy while minimizing manual effort, enabling scalable automation to analyze stealthy malware. We evaluate our approach against a benchmark of 1535 labeled stealthy malware samples. Our approach increases analysis throughput over state of the art on over 95 these samples. We also investigate cost-benefit tradeoffs between the fraction of successfully-analyzed samples and computing resources required. MIMOSA provides a practical, tunable method for efficiently deploying analysis resources.



There are no comments yet.


page 5

page 8

page 9

page 15


Agent-based Vs Agent-less Sandbox for Dynamic Behavioral Analysis

Malicious software is detected and classified by either static analysis ...

ColdPress: An Extensible Malware Analysis Platform for Threat Intelligence

Malware analysis is still largely a manual task. This slow and inefficie...

Evasive Windows Malware: Impact on Antiviruses and Possible Countermeasures

The perpetual opposition between antiviruses and malware leads both part...

Malware static analysis and DDoS capabilities detection

The present thesis addresses the topic of denial of service capabilities...

POW-HOW: An enduring timing side-channel to evadeonline malware sandboxes

Online malware scanners are one of the best weapons in the arsenal of cy...

"Influence Sketching": Finding Influential Samples In Large-Scale Regressions

There is an especially strong need in modern large-scale data analysis t...

AVClass2: Massive Malware Tag Extraction from AV Labels

Tags can be used by malware repositories and analysis services to enable...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.