The arms race: Adversarial search defeats entropy used to detect malware

Authors:

Highlights:

• We expose the two sides of the malware arms race: detection and evasion.

• We propose EnTS, a novel and scalable malware detection technique.

• EnTS improves the accuracy of its competitors, being up to 3000 times faster.

• To defeat EnTS, we create EEE, an evasion technique with learning abilities.

• EEE defeats EnTS and SoA detectors, pushing their false negatives up to 90%.


Keywords: Malware, Information theory, Entropy, Time series, Packing, Adversarial learning

Article history: Received 16 May 2018, Revised 23 August 2018, Accepted 6 October 2018, Available online 6 October 2018, Version of Record 14 October 2018.

Paper URL: https://doi.org/10.1016/j.eswa.2018.10.011