Cargando…
Mimicking Anti-Viruses with Machine Learning and Entropy Profiles
The quality of anti-virus software relies on simple patterns extracted from binary files. Although these patterns have proven to work on detecting the specifics of software, they are extremely sensitive to concealment strategies, such as polymorphism or metamorphism. These limitations also make anti...
| Autores principales: | , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2019
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7515001/ https://www.ncbi.nlm.nih.gov/pubmed/33267227 http://dx.doi.org/10.3390/e21050513 |
| _version_ | 1783586717877403648 |
|---|---|
| author | Menéndez, Héctor D. Llorente, José Luis |
| author_facet | Menéndez, Héctor D. Llorente, José Luis |
| author_sort | Menéndez, Héctor D. |
| collection | PubMed |
| description | The quality of anti-virus software relies on simple patterns extracted from binary files. Although these patterns have proven to work on detecting the specifics of software, they are extremely sensitive to concealment strategies, such as polymorphism or metamorphism. These limitations also make anti-virus software predictable, creating a security breach. Any black hat with enough information about the anti-virus behaviour can make its own copy of the software, without any access to the original implementation or database. In this work, we show how this is indeed possible by combining entropy patterns with classification algorithms. Our results, applied to 57 different anti-virus engines, show that we can mimic their behaviour with an accuracy close to 98% in the best case and 75% in the worst, applied on Windows’ disk resident malware. |
| format | Online Article Text |
| id | pubmed-7515001 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2019 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-75150012020-11-09 Mimicking Anti-Viruses with Machine Learning and Entropy Profiles Menéndez, Héctor D. Llorente, José Luis Entropy (Basel) Article The quality of anti-virus software relies on simple patterns extracted from binary files. Although these patterns have proven to work on detecting the specifics of software, they are extremely sensitive to concealment strategies, such as polymorphism or metamorphism. These limitations also make anti-virus software predictable, creating a security breach. Any black hat with enough information about the anti-virus behaviour can make its own copy of the software, without any access to the original implementation or database. In this work, we show how this is indeed possible by combining entropy patterns with classification algorithms. Our results, applied to 57 different anti-virus engines, show that we can mimic their behaviour with an accuracy close to 98% in the best case and 75% in the worst, applied on Windows’ disk resident malware. MDPI 2019-05-21 /pmc/articles/PMC7515001/ /pubmed/33267227 http://dx.doi.org/10.3390/e21050513 Text en © 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Menéndez, Héctor D. Llorente, José Luis Mimicking Anti-Viruses with Machine Learning and Entropy Profiles |
| title | Mimicking Anti-Viruses with Machine Learning and Entropy Profiles |
| title_full | Mimicking Anti-Viruses with Machine Learning and Entropy Profiles |
| title_fullStr | Mimicking Anti-Viruses with Machine Learning and Entropy Profiles |
| title_full_unstemmed | Mimicking Anti-Viruses with Machine Learning and Entropy Profiles |
| title_short | Mimicking Anti-Viruses with Machine Learning and Entropy Profiles |
| title_sort | mimicking anti-viruses with machine learning and entropy profiles |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7515001/ https://www.ncbi.nlm.nih.gov/pubmed/33267227 http://dx.doi.org/10.3390/e21050513 |
| work_keys_str_mv | AT menendezhectord mimickingantiviruseswithmachinelearningandentropyprofiles AT llorentejoseluis mimickingantiviruseswithmachinelearningandentropyprofiles |