This course aims to explore a decade of research on evasive malware and automated malware analysis systems. The learning outcomes include understanding malware evasion techniques, evasive behavior detection, and evasion mitigation strategies. The course covers offensive and defensive research directions, providing a systematic review of various approaches. The intended audience for this course includes security practitioners and individuals interested in cybersecurity research and malware analysis. The teaching method involves a presentation format with a comprehensive survey of scholarly works and industry studies in the field.
Catch Me If You Can - A Decade of Evasive Malware Attack and Defense
Overview
Syllabus
Introduction
Dynamic Automated Analysis Systems
Motivation
Presentation Outline
Offense - Detecting Analysis Systems
Environmental Artifacts & Timing
CPU Virtualization & Process Introspection
Reverse Turing Tests & Network Artifacts
Detecting Malware Evasion
Multi-System Execution
Evasion Detection - Discussion
Early Approaches
Path Exploration
Hypervisor-based Analysis
Mitigation - Discussion
Offensive Research
Defense - Improving Bare Metal Analysis
Defense - Heuristic Evasion Detection
Defense - Passing Reverse Turing Tests
Meta - Establishing Ground Truth
Meta - Challenges in Research Evaluation
Conclusion
Taught by
0xdade
