Legacy Code, Live Risk: Empirical Evidence of Malware Detection Gaps
| Published in: | Applied Sciences vol. 15, no. 22 (2025), p. 11862-11880 |
|---|---|
| Main author: | Gang-Cheng, Huang |
| Other authors: | Tai-Hung, Lai |
| Published: | MDPI AG |
| Subjects: | Cybersecurity; Operating systems; Machine learning; Behavior; Programming languages; Malware; Reverse engineering; Python; C plus plus; Trends; Semantics; Polymorphism |
| Online access: | Citation/Abstract; Full Text + Graphics; Full Text - PDF |
MARC
| Tag | Ind1 | Ind2 | Content |
|---|---|---|---|
| LEADER | | | 00000nab a2200000uu 4500 |
| 001 | | | 3275502786 |
| 003 | | | UK-CbPIL |
| 022 | | | \|a 2076-3417 |
| 024 | 7 | | \|a 10.3390/app152211862 \|2 doi |
| 035 | | | \|a 3275502786 |
| 045 | 2 | | \|b d20250101 \|b d20251231 |
| 084 | | | \|a 231338 \|2 nlm |
| 100 | 1 | | \|a Gang-Cheng, Huang \|u Department of Computer Science and Information Engineering, China University of Technology, Taipei 116, Taiwan; jacky5112@cute.edu.tw |
| 245 | 1 | | \|a Legacy Code, Live Risk: Empirical Evidence of Malware Detection Gaps |
| 260 | | | \|b MDPI AG \|c 2025 |
| 513 | | | \|a Journal Article |
| 520 | 3 | | \|a Consistent detection of malicious loaders across varied programming languages and build tools remains a significant cybersecurity challenge. This study empirically measures how compiler and language choices affect the detectability of standard in-memory Windows loaders. We implement functionally equivalent loaders (allocate, copy, protect, execute) in C, C#, Fortran, and COBOL, embedding an identical x64 test payload to isolate behavior. Our results reveal significant detection gaps: loaders compiled in legacy languages (Fortran, COBOL) consistently evade static and dynamic antivirus engines that easily flag their C and C# counterparts. We demonstrate this evasion is not due to behavioral differences, but to compiler-specific static artifacts. These artifacts, such as interleaved zero-bytes in Fortran and fragmented payload-construction logic in COBOL, effectively break common signature matching. These findings indicate that many detection tools are overly sensitive to the static build surface rather than true semantic behavior. We provide actionable guidance favoring behavior-focused analysis, such as tracking API call order and memory protection changes, to address this critical legacy code blind spot. |
| 653 | | | \|a Cybersecurity |
| 653 | | | \|a Operating systems |
| 653 | | | \|a Machine learning |
| 653 | | | \|a Behavior |
| 653 | | | \|a Programming languages |
| 653 | | | \|a Malware |
| 653 | | | \|a Reverse engineering |
| 653 | | | \|a Python |
| 653 | | | \|a C plus plus |
| 653 | | | \|a Trends |
| 653 | | | \|a Semantics |
| 653 | | | \|a Polymorphism |
| 700 | 1 | | \|a Tai-Hung, Lai \|u Department of Computer Science and Information Engineering, Chung Cheng Institute of Technology, National Defense University, Taoyuan 335009, Taiwan |
| 773 | 0 | | \|t Applied Sciences \|g vol. 15, no. 22 (2025), p. 11862-11880 |
| 786 | 0 | | \|d ProQuest \|t Publicly Available Content Database |
| 856 | 4 | 1 | \|3 Citation/Abstract \|u https://www.proquest.com/docview/3275502786/abstract/embedded/7BTGNMKEMPT1V9Z2?source=fedsrch |
| 856 | 4 | 0 | \|3 Full Text + Graphics \|u https://www.proquest.com/docview/3275502786/fulltextwithgraphics/embedded/7BTGNMKEMPT1V9Z2?source=fedsrch |
| 856 | 4 | 0 | \|3 Full Text - PDF \|u https://www.proquest.com/docview/3275502786/fulltextPDF/embedded/7BTGNMKEMPT1V9Z2?source=fedsrch |