Malware Evasion Techniques

Lead Research Organisation: University of Oxford
Department Name: Computer Science

Abstract

The aims of this research are broadly to illustrate and enumerate the evasion techniques that malware uses to avoid both manual analysis by analysts and automated analysis systems.

These evasion techniques include the recognition of malign analysis environments, and they have evolved and grown markedly more complex as the arms race of malware development continues.

Analysis of these techniques will include analysis at scale of existing and newly created malware, drawing on large datasets from various threat intelligence providers. Additionally, proof-of-concept samples will be created to demonstrate innovative techniques within this area.

Furthermore, this research may involve discovery of flaws within antivirus software or other analysis software used to detect and analyse malware. To an extent this flaw discovery can be identified as vulnerability research, with the aim of strengthening the tools used to analyse and protect against malware.

This research will strengthen skills in malware analysis, vulnerability analysis and penetration testing for the researcher, skills necessary to forge a career in cybersecurity and skills of which there is currently a shortage.

This subfield has a constant flow of novel data, and the combined innovation of cybercriminals, a variety of nation state groups and academia contributes to its rapid development. Analysing this data will therefore involve a large amount of novelty, and the research will additionally contribute new techniques in this vein.

This research will involve active collaboration with a number of private sector companies. Additionally, as results of this research may come in the form of detected vulnerabilities within existing antivirus detection and analysis systems, they will help strengthen these systems within both the private and public sector.

This collaboration between academia and the private sector is especially important, as many of the systems in use by the private sector are only under robust analysis by state actors. It is therefore important to codify into the academic body of knowledge the tools and techniques which may only be known to, or in use by, criminal and state actors.

This project is linked to the EPSRC Digital Economy research theme with a focus on the Security, Privacy and Trust subtheme which specifically mentions 'Research into exploitation of trusted digital systems'. Additionally, as much of the research in this area is kept under wraps to be used in exploitation, there is a benefit to entering some of the knowledge into the public domain.

Planned Impact

It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it now is a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:

* The IT industry; vendors of hardware and software, and within this the IT Security industry;

* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;

* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;

* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;

* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;

* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.

Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.

Publications


Studentship Projects

Project Reference  Relationship  Related To    Start       End         Student Name
EP/P00881X/1                                   01/10/2016  31/03/2023
2067510            Studentship   EP/P00881X/1  01/10/2018  31/12/2022  Freddie Barr-Smith