Hundreds of thousands of new malware programs are registered worldwide every day. Such viruses, spyware, and Trojans can completely paralyze networks, spy on users, steal critical data, and damage operating systems. In order to detect malicious programs and remove them from the computer, various types of malware scanners are used. Some of these programs classify scripts as benign or malicious based on their syntactic structure. However, these structures can be cleverly manipulated, rendering the scanners useless. CISPA researcher Aurore Fass, in collaboration with Faculty Dr. Ben Stock and Founding Director and CEO Prof. Dr. Dr. h.c. Michael Backes, showed this in a paper she presented at the ACM Computer and Communications Security (CCS) conference, one of the most important cybersecurity conferences in the world.
To guard against such damage, various types of malware scanners are used in companies and private households. A distinction is made between static and dynamic malware detectors, explains Fass. In dynamic malware analysis, files are executed and the software closely observes their behavior to classify them. Static malware scanners, on the other hand, do not execute the files. Instead, they look for specific words or syntactic structures in the scripts that can provide clues to malicious functionality. Especially when the scanners are trained using machine learning, such programs can be very effective at detecting even previously unknown malware, according to Fass.
The text was translated by: Oliver Schedler