Automated dynamic malware analysis systems are important in combating the proliferation of modern malware. Unfortunately, malware can often easily detect and evade these systems. Competition between malware authors and analysis system developers has pushed each to continually evolve their tactics for countering the other.
In this paper we systematically review i) "fingerprint" -based evasion techniques against automated dynamic malware analysis systems for PC, mobile, and web, ii} evasion detection, iii} evasion mitigation, and iv} evasion "in the wild." We also discuss difficulties in experimentation evaluation, highlight future directions in offensive and defensive research, and briefly survey related topics in anti-analysis.