Explore a novel class of sandbox evasion techniques that exploit "wear and tear" artifacts to detect artificial malware analysis environments. Examine how malware can determine if a system is real or artificial with high accuracy by analyzing indicators of normal use over time. Learn about the methodology, data collection, and evaluation of this approach using decision tree models based on registry artifacts. Understand the implications for malware detection systems and potential defenses against these evasion tactics. Gain insights into creating more realistic sandbox environments that mimic the age and usage patterns of genuine user devices.
Spotless Sandboxes: Evading Malware Analysis Systems Using Wear-and-Tear Artifacts
Overview
Syllabus
Introduction
Outline
Automation
Dynamic Analysis Techniques
The Environment
Current Evasion Techniques
Intuition Behind It
Features
Data Collection
Limitations
Methodology
Real Systems
Registry artifacts
Decision tree model
Evaluation
Claim Age
Content Measure
Taught by
IEEE Symposium on Security and Privacy
