Combatting Evasive Malware - Leveraging Computer Vision to Solve the Reverse Turing Test
Today, dynamic analysis tools such as sandboxes are commonly used to analyze real-world malware samples, revealing malware internals and aiding the development of defensive measures. To avoid being analyzed, advanced malware families try to determine whether a human is actually using the compromised system. If this so-called "reverse Turing test" fails, the malware concludes that it is running in a sandbox and changes its normal behaviour accordingly.
The goal of this thesis is to set up a virtualized lab environment and use an existing computer vision framework to solve the reverse Turing tests of real-world malware samples. The developed solution should be compared to other approaches with regard to performance, ease of use and success rate (e.g. [1]).
- Build a lab environment (using the QEMU/KVM hypervisor)
- Obtain malware samples that use a "reverse Turing test"
- Determine how these "reverse Turing tests" are implemented
- Develop solutions using computer vision to solve the "reverse Turing tests"
- Compare the solutions to other approaches
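As an added illustration of the computer-vision step behind the last two items (this is not code from the thesis or from any existing framework): a dependency-free template matcher that locates a button-like UI element in a grayscale screenshot, returns the coordinates an analysis sandbox would click, and returns None when nothing on screen resembles the element, so the automation never clicks blindly. The screenshot and the button template are constructed inline; the function names, the sum-of-absolute-differences score and the tolerance value are my assumptions. A real setup would capture the guest framebuffer and use a library routine such as OpenCV's matchTemplate instead of the hand-written loop.

```python
"""Locate a dialog button in a screenshot by template matching (pure Python).

Illustrates the computer-vision step of an automated sandbox "clicker":
find the UI element the malware waits for, derive the click coordinates,
and refuse to click when no window matches well enough.
"""

from typing import List, Optional, Tuple

Image = List[List[int]]  # 8-bit grayscale: rows of pixel values 0..255


def make_button_template(width: int = 12, height: int = 6) -> Image:
    """Constructed sample template: a light button with a dark 1-px border."""
    tpl = []
    for y in range(height):
        row = []
        for x in range(width):
            on_border = y in (0, height - 1) or x in (0, width - 1)
            row.append(40 if on_border else 220)
        tpl.append(row)
    return tpl


def make_screenshot(width: int, height: int, button: Image, at: Tuple[int, int]) -> Image:
    """Constructed sample screenshot: mid-gray background with `button` pasted at (x, y)."""
    bx, by = at
    img = [[128 for _ in range(width)] for _ in range(height)]
    for dy, row in enumerate(button):
        for dx, v in enumerate(row):
            img[by + dy][bx + dx] = v
    return img


def sad(img: Image, tpl: Image, x0: int, y0: int) -> int:
    """Sum of absolute differences between tpl and the window of img at (x0, y0)."""
    total = 0
    for dy, row in enumerate(tpl):
        img_row = img[y0 + dy]
        for dx, v in enumerate(row):
            total += abs(img_row[x0 + dx] - v)
    return total


def find_button(img: Image, tpl: Image, max_mean_diff: float = 10.0) -> Optional[Tuple[int, int]]:
    """Return the (x, y) centre of the best-matching window, or None if none is close enough.

    max_mean_diff is the tolerated average per-pixel difference (assumed value);
    an exact match scores 0.
    """
    th, tw = len(tpl), len(tpl[0])
    ih, iw = len(img), len(img[0])
    if th > ih or tw > iw:
        return None  # template cannot fit into the screenshot at all
    best = None
    for y0 in range(ih - th + 1):
        for x0 in range(iw - tw + 1):
            score = sad(img, tpl, x0, y0)
            if best is None or score < best[0]:
                best = (score, x0, y0)
    score, x0, y0 = best
    if score / (tw * th) > max_mean_diff:
        return None  # nothing resembling the button on screen: do not click blindly
    return (x0 + tw // 2, y0 + th // 2)


if __name__ == "__main__":
    tpl = make_button_template()
    shot = make_screenshot(80, 50, tpl, at=(30, 20))
    print(find_button(shot, tpl))  # (36, 23): centre of the pasted button
    blank = make_screenshot(80, 50, [[128]], at=(0, 0))  # uniform background, no button
    print(find_button(blank, tpl))  # None
```

The centre point is what the sandbox would feed to its input-injection layer (for example, a synthetic mouse click through the hypervisor); keeping the "no match" path explicit matters, because a clicker that presses random coordinates is itself a tell that a sample can use to distinguish automation from a person.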