YoVDO

Catch Me If You Can - A Decade of Evasive Malware Attack and Defense

Offered By: 0xdade via YouTube

Tags

ShmooCon Courses, Malware Analysis Courses

Course Description

Overview

A survey of evasive malware and the automated dynamic analysis systems it targets, covering more than a decade of research: nearly 200 scholarly works, industry presentations, and real-world malware studies. The talk traces the cat-and-mouse game between malicious software and analysis systems in three parts. On the offensive side, it catalogs the techniques malware uses to recognize an analysis environment: environmental artifacts (files, registry keys, MAC addresses and hardware identifiers left behind by hypervisors and analysis tools), timing checks, CPU virtualization and process introspection artifacts, reverse Turing tests (checks for signs of a human user, such as mouse movement or recently used documents), and network artifacts. On the defensive side, it covers methods for detecting evasive behavior, including multi-system execution (running a sample in several environments and comparing what it does), and strategies for mitigating evasion, including path exploration and hypervisor-based analysis. It closes with future directions for both offensive and defensive research and with meta-level challenges in the research itself, such as establishing ground truth and evaluating results. Presented by Alexei Bulazel, a security researcher with River Loop Security, in collaboration with Dr. Bülent Yener of Rensselaer Polytechnic Institute.

Syllabus

Introduction
Dynamic Automated Analysis Systems
Motivation
Presentation Outline
Offense - Detecting Analysis Systems
Environmental Artifacts & Timing
CPU Virtualization & Process Introspection
Reverse Turing Tests & Network Artifacts
Detecting Malware Evasion
Multi-System Execution
Evasion Detection - Discussion
Early Approaches
Path Exploration
Hypervisor-based Analysis
Mitigation - Discussion
Offensive Research
Defense - Improving Bare Metal Analysis
Defense - Heuristic Evasion Detection
Defense - Passing Reverse Turing Tests
Meta - Establishing Ground Truth
Meta - Challenges in Research Evaluation
Conclusion
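The offense and defense topics in the syllabus above, as an added worked example in Python. This is illustrative code written for this page, not code from the talk or from Bulazel and Yener. The sample side runs the environmental-artifact, timing and reverse-Turing checks a sample would use to decide whether it is inside an analysis system; the defender side implements the multi-system execution idea by comparing API traces from a bare-metal run and a sandbox run of the same sample. The thresholds, the HostSnapshot fields, the two host profiles and the API traces are constructed assumptions; only the MAC prefixes are real vendor OUIs.

```python
"""Sandbox-detection heuristics and multi-system trace comparison.

Added illustration for the survey topics above, not code from the talk or
its authors. Thresholds, field names, host profiles and traces are constructed.
"""
from dataclasses import dataclass

# IEEE OUI prefixes registered to virtualization vendors. A guest NIC carrying
# one of these is a classic environmental artifact probed by evasive samples.
VM_MAC_PREFIXES = {
    "00:05:69", "00:0c:29", "00:1c:14", "00:50:56",  # VMware
    "08:00:27",                                      # VirtualBox
    "00:15:5d",                                      # Hyper-V
}


@dataclass
class HostSnapshot:
    """What a sample can observe cheaply about the machine it runs on (assumed fields)."""
    cpu_count: int
    ram_gb: float
    uptime_s: int
    mac: str
    hypervisor_bit: bool      # CPUID.1:ECX[31], set by most hypervisors
    mouse_moved: bool         # reverse Turing test: any cursor movement seen?
    recent_documents: int     # reverse Turing test: traces of real use
    sleep_requested_s: float  # timing check: how long the sample asked to sleep
    sleep_elapsed_s: float    # timing check: wall-clock time that actually passed


def evasion_checks(h: HostSnapshot) -> dict:
    """Artifact, timing and reverse-Turing checks from the talk's taxonomy.
    Each value is True when that check points at an analysis system.
    The thresholds are assumptions chosen for illustration."""
    return {
        "vm_mac": h.mac.lower()[:8] in VM_MAC_PREFIXES,
        "hypervisor_bit": h.hypervisor_bit,
        "low_resources": h.cpu_count < 2 or h.ram_gb < 2,
        "short_uptime": h.uptime_s < 10 * 60,
        # Sandboxes often patch Sleep() to skip ahead; a 30 s sleep that
        # returns after 1 s of wall time gives the acceleration away.
        "sleep_accelerated": h.sleep_elapsed_s < 0.5 * h.sleep_requested_s,
        "no_user_activity": not h.mouse_moved and h.recent_documents == 0,
    }


def looks_like_analysis_env(h: HostSnapshot, threshold: int = 2) -> bool:
    """Sample-side decision: stay dormant if at least `threshold` checks fire.
    Requiring more than one hit keeps a single false positive (a freshly
    rebooted real host, say) from suppressing the payload."""
    return sum(evasion_checks(h).values()) >= threshold


def divergence_point(trace_a: list, trace_b: list):
    """Index of the first API call at which two traces differ, or None when
    they are identical or one is a prefix of the other."""
    for i, (a, b) in enumerate(zip(trace_a, trace_b)):
        if a != b:
            return i
    return None


def classify_multi_system(bare_metal: list, sandbox: list) -> str:
    """Defender-side check (multi-system execution): run the same sample on
    bare metal and in a sandbox and compare the API traces.
      'consistent' - identical behaviour, no evidence of evasion
      'early_exit' - sandbox trace is a strict prefix: the sample bailed out
      'branch'     - traces share a prefix and then diverge: the sample took a
                     different code path after probing its environment"""
    d = divergence_point(bare_metal, sandbox)
    if d is None and len(bare_metal) == len(sandbox):
        return "consistent"
    if d is None and len(sandbox) < len(bare_metal):
        return "early_exit"
    return "branch"


# Constructed host profiles: a typical single-vCPU sandbox VM and a real laptop.
SANDBOX = HostSnapshot(cpu_count=1, ram_gb=1.0, uptime_s=120, mac="00:0c:29:aa:bb:cc",
                       hypervisor_bit=True, mouse_moved=False, recent_documents=0,
                       sleep_requested_s=30.0, sleep_elapsed_s=0.8)
LAPTOP = HostSnapshot(cpu_count=8, ram_gb=16.0, uptime_s=3 * 24 * 3600,
                      mac="a4:bb:6d:12:34:56", hypervisor_bit=False, mouse_moved=True,
                      recent_documents=42, sleep_requested_s=30.0, sleep_elapsed_s=30.1)

# Constructed API traces of one sample run in both environments: it probes
# timing and the cursor, then either drops its payload or quietly exits.
BARE_METAL_TRACE = ["GetTickCount", "Sleep", "GetCursorPos", "GetCursorPos",
                    "CreateFileW", "WriteFile", "WinExec"]
SANDBOX_TRACE = ["GetTickCount", "Sleep", "GetCursorPos", "GetCursorPos", "ExitProcess"]

if __name__ == "__main__":
    for name, host in (("sandbox", SANDBOX), ("laptop", LAPTOP)):
        fired = [k for k, v in evasion_checks(host).items() if v]
        verdict = "stay dormant" if looks_like_analysis_env(host) else "run payload"
        print(f"{name}: {len(fired)} checks fired {fired} -> {verdict}")
    print("multi-system verdict:", classify_multi_system(BARE_METAL_TRACE, SANDBOX_TRACE))
```

The two halves are deliberately symmetric: every check in evasion_checks is an artifact a defender can remove or fake (a non-VM MAC, a patched CPUID result, synthetic mouse movement, honest Sleep timing), which is the "improving bare metal analysis" and "passing reverse Turing tests" line of work in the syllabus, while classify_multi_system needs no knowledge of the checks at all and catches whatever the sample does differently once it believes it is being watched.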

