
Mimicking anti-viruses with machine learning and entropy profiles

Menéndez, HD; Llorente, JL (2019). Mimicking anti-viruses with machine learning and entropy profiles. Entropy, 21(5), Article 513. DOI: 10.3390/e21050513. Green open access.

Text: entropy-21-00513.pdf - Published version (967kB)

Abstract

The quality of anti-virus software relies on simple patterns extracted from binary files. Although these patterns have proven effective at detecting the specifics of a piece of software, they are extremely sensitive to concealment strategies such as polymorphism or metamorphism. These limitations also make anti-virus software predictable, which creates a security weakness: any black hat with enough information about an anti-virus engine's behaviour can build their own copy of it, without any access to the original implementation or signature database. In this work, we show that this is indeed possible by combining entropy patterns with classification algorithms. Our results, applied to 57 different anti-virus engines, show that we can mimic their behaviour with an accuracy close to 98% in the best case and 75% in the worst, evaluated on Windows disk-resident malware.

Type: Article
Title: Mimicking anti-viruses with machine learning and entropy profiles
Open access status: An open access version is available from UCL Discovery
DOI: 10.3390/e21050513
Publisher version: https://doi.org/10.3390/e21050513
Language: English
Additional information: This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/)
Keywords: anti-virus; classification; malware; mimicking; mimickAV; entropy profiles
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
URI: https://discovery.ucl.ac.uk/id/eprint/10076685