Organizations face Cyber attacks of increasing sophistication. However, detection measures have not kept up with the pace of advancement in attack design. Common detection systems use detection rules or heuristics based on behaviors of known previous attacks and often crafted manually. The result is a defensive system which is both too sensitive, result- ing in many false positives, and not sensitive enough, missing detection of new attacks.

Building upon our work developing the Covertness Capability Calculus, we propose Malware Vectors, a technique for the discovery of defense logic via remote probing. Malware Vectors proposes a technique for building malware by discovering obserables which can be generated without triggering detection. Malware Vectors generates probes to establish a vector of acceptable observable values that the attack may generate without triggering detection. We test attacks against an unknown defense logic and show that it is trivial to discover a covert way to carry out an attack. We extend this simulation to randomly generated defense logics and find that without a change in underlying strategy defenders cannot improve their position significantly. Further, we find that discovery of full logic can be efficiently achieved using only Membership Queries in most cases. Finally, we propose some techniques that a defender could implement to attempt to defend against the Malware Vectors technique.