Copyright © 2013 Virus Bulletin
I had originally chosen to look at this paper because of its evasion detection technique, but reading through it unfortunately highlights the academic perception of anti-virus technology. I thought we were past the anti-virus-as-glorified-string-search notion, but perhaps not. To quote: ‘attackers may obfuscate their code so that it does not match the string signatures used by antivirus tools’ (pp.637–8) and ‘code obfuscation is effective against tools that rely on signatures, such as antivirus scanners’ (p.639). I could quote more, but this gives the general flavour.
Antiquated perceptions aside, however, Revolver isn’t just an academic proof of concept, but is designed to scale. With only four machines, the researchers were able to process just under 600,000 samples per day, which was as much as their detection ‘oracle’ could feed them. Lots of tuning and algorithmic tricks are used to allow the system to scale up, and all the details are given in the paper; a good implementer should be able to reproduce Revolver from the description.
Kapravelos, A.; Shoshitaishvili, Y.; Cova, M.; Kruegel, C.; Vigna, G. Revolver: An Automated Approach to the Detection of Evasive Web-based Malware. Proceedings of the 22nd USENIX Security Symposium, 2013, pp.637–651. http://seclab.cs.ucsb.edu/media/uploads/papers/usenix2013_revolver.pdf