Countering cyber threats for industrial applications: An automated approach for malware evasion detection and analysis

The widespread adoption of Internet of Things (IoT) in industrial systems has made malware propagation more voluminous and sophisticated. Detection and prevention against these malware threats rely on automated dynamic analysis techniques. Malware writers on the other hand, are resorting towards analysis evasion techniques that pose a great deal of challenge for the malware research community. Various approaches mostly based on virtual machines or emulators have been proposed for the analysis of such envisions. However, the practicality of these approaches is still an open debate. This paper presents a malware analysis system, capable of encountering known evasion methods of malware. A novel technique for detection of malware evasive behavior is presented, which is based on measuring the deviation from normal behavior of a program or malware. Evaluations and analysis show that this approach is effective against detecting the variations in malware behavior. Moreover, countermeasures implemented by the Analysis Evasion Malware Sandbox (AEMS) are effective for large percentage of malware detection.