Modern virtual machines, debuggers, and sandboxing solutions lend themselves to increasingly inconspicuous ways to run honeypots and to observe and analyze malware and other malicious activity. This analysis yields valuable data for threat assessment, malware identification, and prevention. However, the use of such introspection methods has caused malware authors to create malicious programs with the ability to detect and evade such environments. This paper presents an overview of existing research on anti-honeypot and anti-introspection methods. We also propose our own taxonomy of detection vectors used by malware.
Joni Uitto, Sampsa Rauti, Samuel Laurén, Ville Leppänen (University of Turku): A Survey on Anti-honeypot and Anti-introspection Methods
In: Rocha Á., Correia A., Adeli H., Reis L., Costanzo S. (eds) Recent Advances in Information Systems and Technologies. WorldCIST 2017. Advances in Intelligent Systems and Computing, vol 570. Springer, Cham