Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks

Title: Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Wressnegger, Christian; Freeman, Kevin; Yamaguchi, Fabian; Rieck, Konrad
Conference Name: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4944-4
Keywords: anti-virus, attacks, Malware, pubcrawl, resilience, Resiliency, Scalability, signature based defense, signatures
Abstract: Although anti-virus software has significantly evolved over the last decade, classic signature matching based on byte patterns is still a prevalent concept for identifying security threats. Anti-virus signatures are a simple and fast detection mechanism that can complement more sophisticated analysis strategies. However, if signatures are not designed with care, they can turn from a defensive mechanism into an instrument of attack. In this paper, we present a novel method for automatically deriving signatures from anti-virus software and discuss how the extracted signatures can be used to attack sensible data with the aid of the virus scanner itself. To this end, we study the practicability of our approach using four commercial products and exemplary demonstrate anti-virus assisted attacks in three different scenarios.
DOI: 10.1145/3052973.3053002
Citation Key: wressnegger_automatically_2017