A Cyber Kill Chain Based Analysis of Remote Access Trojans

Computer networks and industrial systems are under constant cyber threat and attack. Vulnerabilities in different parts of these systems give attackers the opportunity to attack, damage or disrupt the operation of a country's critical infrastructure. Identifying these threats and the weaknesses exploited by malware such as Trojans, while accounting for the evolving techniques used to evade detection and the corresponding ways to detect them, is a major challenge. A hierarchy of destructive malware can support identification and risk mitigation strategies. In this paper, we analyze a hierarchy based on the characteristics of remotely controlled malware, using 477 Trojans collected from real-world samples and several methods of assessment. The analysis uses one of the popular models for identifying cyber threats, the Cyber Kill Chain. We propose a hierarchy, based on the dataset samples, covering the different stages of the malware lifecycle.
