This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

Categories of Evasion Techniques

downloadDownload printPrint

Pssst… we can write an original essay just for you.

Any subject. Any type of essay. We’ll even meet a 3-hour deadline.

Get your price

121 writers online

Download PDF

Evasion techniques

The term evasion technique groups all the methods used by malware to avoid detection, analysis, and understanding. The evasion techniques can be classified into three broad categories, namely, anti-security techniques, anti-sandbox techniques and anti-analyst techniques.

Anti-security techniques

These techniques are used to avoid detection by antimalware engines, firewalls, application containment, or other tools that protect the environment.

Anti-sandbox techniques

These techniques are used to detect automatic analysis and avoid engines that report on the behavior of malware. Detecting registry keys, files, or processes related to virtual environments lets malware know if it is running in a sandbox.

Anti-analyst techniques

These techniques are used to detect and fool malware analysts, for example, by spotting monitoring tools such as Process Explorer or Wireshark, as well as some process-monitoring tricks, packers, or obfuscation to avoid reverse engineering. Some advanced malware samples employ two or three of these techniques together. For example, malware can use a technique like RunPE (which runs another process of itself in memory) to evade antimalware software, a sandbox, or an analyst.

Some malware detects a specific registry key related to a virtual environment, allowing the threat to evade an automatic sandbox as well as an analyst attempting to dynamically run the suspected malware binary in a virtual machine. It is important for security researchers to understand these evasion techniques to ensure that security technologies remain viable.

Malware detection on mobile devices

The basic differences between a PC and mobile device are constrained in terms of computation power, memory and limited battery resources. The targeted exploits of mobile malware are also significantly different from those on PC due to the differences in operating systems and hardware. For e.g. Majority of mobile devices are based on the ARM architecture. Hence, we need to provide due consideration when using the PC based methods for mobile devices. The detection method must use memory and computational resources efficiently and not drain the device battery. The detection method must be cost-efficient to update over the wireless network.

There are two general ways of protecting the mobile device. One is to offer protection at the device level and the other is to offer protection at the network level by inspecting packets destined for the device. Device based protection detects and cleans malware including viruses, Trojans and spyware that are installed on the device whereas network based protection looks to detect and prevent intrusions in the network.

Malware Analysis Classification

All classification approaches taken in the literature can basically be categorized into two types:

(i) based on features drawn from an unpacked static version of the executable file and

(ii) based on dynamic features of the packed executable file.

These approaches are further classified into signature based, behavior based, hybrid based and machine learning based approaches. Signature based approaches are simple and capable to operate online in real time. They detect only known malwares and are not useful for detecting new, unknown and stealthy malwares. They are less powerful with respect to evasion techniques (i.e) obfuscation transformations can easily defeat signature-based detection mechanisms.

A signature matching algorithm is well suited for use in mobile device scanning due to its low memory requirements. Behavior based approaches are designed for analyzing the malwares dynamically, thereby allowing it to detect unknown malwares efficiently. They rely on system call sequences/graphs to model a malicious specification/pattern. Behavior-based methods and machine learning methods are dynamic approaches. Anomaly-based approaches, also known as profile-based approaches, profile the statistical features of normal traffic. Any deviation from the profile will be treated as suspicious. They detect previously unknown attacks, but they showed high false-positive ratios when the normal activities are diverse and unpredictable.

Specification-based approaches are similar to anomaly detection, but they are based on manually developed specifications that capture legitimate (rather than previously seen) system behaviors. They avoid high false alarm rates caused by legitimate but unseen behavior in the anomaly detection approach. Their drawback lies in more time-consumption as they develop detailed specifications. Thus, one has to trade off specification development effort for increased false negatives (i.e., likelihood that some attacks may be missed). Heuristic approaches for detection in PCs include semantics-based, visualization-based, social network based, entropy based, cryptographic based, difference equation based, kernel based detection approaches. For detection in mobile, immune system-based, memory acquisition-based, suspicious API call patterns, differential fault analysis approach, Intercomponent communications are the approaches that comes under heuristic category.

Much research has been conducted on developing automatic malware classification systems using data mining and machine-learning approaches. However, due to various stealth techniques designed by malware authors, most malwares remain undetectable.


This paper presents a detailed insight on malware analysis in both the Personal Computer (PC) domain and the mobile domain, based on literature survey done from 1987. First, the various forms of malware and the impact of malware in PC and mobile phones are discussed. Also, their prevalence in most used operating systems such as Windows (for PCs) and Android (for mobile) is focused. Second, the literature survey explaining the contemporary detection approaches are compared with the ancient approaches and their advantages and disadvantages are discussed. Finally, research questions and findings are discussed, giving key ideas for malware researchers to develop a more robust and efficient detection approach, to improve protection and reduce risks, applicable to real-world scenario.

Remember: This is just a sample from a fellow student.

Your time is important. Let us write you an essay from scratch

experts 450+ experts on 30 subjects ready to help you just now

delivery Starting from 3 hours delivery

Find Free Essays

We provide you with original essay samples, perfect formatting and styling

Cite this Essay

To export a reference to this article please select a referencing style below:

Categories of Evasion Techniques. (2018, December 03). GradesFixer. Retrieved January 24, 2022, from
“Categories of Evasion Techniques.” GradesFixer, 03 Dec. 2018,
Categories of Evasion Techniques. [online]. Available at: <> [Accessed 24 Jan. 2022].
Categories of Evasion Techniques [Internet]. GradesFixer. 2018 Dec 03 [cited 2022 Jan 24]. Available from:
copy to clipboard

Sorry, copying is not allowed on our website. If you’d like this or any other sample, we’ll happily email it to you.

    By clicking “Send”, you agree to our Terms of service and Privacy statement. We will occasionally send you account related emails.


    Attention! This essay is not unique. You can get a 100% Plagiarism-FREE one in 30 sec

    Receive a 100% plagiarism-free essay on your email just for $4.99
    get unique paper
    *Public papers are open and may contain not unique content
    download public sample

    Sorry, we could not paraphrase this essay. Our professional writers can rewrite it and get you a unique paper.



    Please check your inbox.

    Want us to write one just for you? We can custom edit this essay into an original, 100% plagiarism free essay.

    thanks-icon Order now

    Hi there!

    Are you interested in getting a customized paper?

    Check it out!
    Having trouble finding the perfect essay? We’ve got you covered. Hire a writer

    Haven't found the right essay?

    Get an expert to write you the one you need!


    Professional writers and researchers


    Sources and citation are provided


    3 hour delivery