Mimicking anti-viruses with machine learning and entropy profiles
Article
Menéndez, H. and Llorente, J. 2019. Mimicking anti-viruses with machine learning and entropy profiles. Entropy. 21 (5). https://doi.org/10.3390/e21050513
| Type | Article |
|---|---|
| Title | Mimicking anti-viruses with machine learning and entropy profiles |
| Authors | Menéndez, H. and Llorente, J. |
| Abstract | The quality of anti-virus software relies on simple patterns extracted from binary files. Although these patterns have proven to work on detecting the specifics of software, they are extremely sensitive to concealment strategies, such as polymorphism or metamorphism. These limitations also make anti-virus software predictable, creating a security breach. Any black hat with enough information about the anti-virus behaviour can make its own copy of the software, without any access to the original implementation or database. In this work, we show how this is indeed possible by combining entropy patterns with classification algorithms. Our results, applied to 57 different anti-virus engines, show that we can mimic their behaviour with an accuracy close to 98% in the best case and 75% in the worst, applied on Windows’ disk resident malware. |
| Keywords | anti-virus; classification; malware; mimicking; mimickAV; entropy profiles |
| Publisher | MDPI AG |
| Journal | Entropy |
| ISSN | 1099-4300 |
| Publication dates | |
| Online | 21 May 2019 |
| 21 May 2019 | |
| Publication process dates | |
| Deposited | 02 Feb 2020 |
| Accepted | 20 May 2019 |
| Output status | Published |
| Publisher's version | License |
| Copyright Statement | © 2019 by the authors. |
| Digital Object Identifier (DOI) | https://doi.org/10.3390/e21050513 |
| Language | English |
https://repository.mdx.ac.uk/item/88vwz
Download files
15
total views4
total downloads0
views this month0
downloads this month