Open Access
Malware: The Never-Ending Arm Race
Author(s) - Héctor D. Menéndez
Publication year - 2021
Language(s) - English
DOI - 10.46723/ojc.1.1.3
Subject(s) - malware, computer security, compromise, computer science, cryptovirology, software, signature (topology), false accusation, artificial intelligence, internet privacy, operating system, law, political science, geometry, mathematics
"Antivirus is dead", and so, probably, is every detection system that focuses on a single strategy for indicators of compromise. This famous quote, which Brian Dye, Symantec's senior vice president, stated in 2014, is the best representation of the current situation with malware detection and mitigation. Concealment strategies have evolved significantly in recent years: not only the classical ones based on polymorphic and metamorphic methodologies, which killed the signature-based detection that antiviruses use, but also the capabilities of fileless malware, i.e. malware resident only in volatile memory, which makes every disk analysis senseless. This review provides a historical background of the different concealment strategies introduced to protect malicious (and not necessarily malicious) software from different detection or analysis techniques. It covers binary, static and dynamic analysis, as well as new strategies based on machine learning from both perspectives, the attackers' and the defenders'.
