July 1, 2017

AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically

by Jinho Jung, Chanil Jeon, Max Wolotsky, Insu Yun, Taesoo Kim

In this talk, we present the entire pipeline: the APK perturbation process, the model-leaking process, and the auto-bypassing process. In addition, we show findings about commercial AVs, including their detection features and hierarchy, and inform the attendees about the potential weaknesses of modern AVs. AVPASS will be demonstrated, showing that it modifies real-world malware precisely and allows it to bypass all AVs following the leaked model. AVPASS will be released with every tool that we have built, including the original source code and the related test data, to enable researchers to replicate the research on their own.