25th USENIX Security Symposium has ended
Monday, August 8 • 4:30pm - 5:00pm
malWASH: Washing Malware to Evade Dynamic Analysis

Hiding malware processes from fingerprinting is challenging. Current techniques like metamorphic algorithms and diversity generate different instances of a program, protecting it against static detection. Unfortunately, all existing techniques are prone to detection through behavioral analysis – a runtime analysis that records behavior (e.g., through system call invocations), and can detect executing diversified programs like malware.

We present malWASH, a dynamic diversification engine that executes an arbitrary program without being detected by dynamic analysis tools. Target programs are chopped into small components that are then executed in the context of other processes, hiding the behavior of the original program in a stream of benign behavior of a large number of processes. A scheduler connects these components and transfers state between the different processes. The execution of the benign processes is not impacted. Furthermore, malWASH ensures that the executing program remains persistent, complicating the removal process.


Monday August 8, 2016 4:30pm - 5:00pm PDT
Texas Ballroom 1
