Development of White List Based Autonomous Evolution of Defense System for RAT Malware

To minimize the damage caused by Remote Access Tool (RAT) malware used in targeted attacks, various countermeasures such as the black list and white list approaches have been developed. In the black list approach, we maintain a list of the servers that malware has tried to communicate with and block communication with them. However, malware has recently been changing its C&C servers frequently, and it is difficult to keep up with these changes. In the white list approach, we permit communication only with servers already known to be safe. However, all communications with servers not on the white list are blocked, which can have a disruptive effect on business. In this work, we propose a new Autonomous Evolution of Defense System based on a white list. When an unknown communication occurs, the proposed system requires an additional authentication step, which malware cannot pass. Our system can be a useful countermeasure against malware without disrupting business activities.
