Mining and Utilizing Network Protocol's Stealth Attack Behaviors

Network protocols' stealth attack behaviors are highly survivable, concealed and aggressive, and existing security measures do not detect them easily. To compensate for the shortcomings of existing protocol analysis methods, this work starts from the instructions that implement the protocol program: the protocol's normal behavior instruction sequences are captured by dynamic binary analysis, and then potential stealth attack behavior instruction sequences are mined by instruction clustering and feature distance computation. The mined stealth attack behavior instruction sequences are loaded into a general execution framework as inline assembly, dynamic analysis is carried out on the self-developed virtual analysis platform HiddenDisc, and the security of the stealth attack behaviors is evaluated. Besides mining, analyzing and building targeted defenses against the stealth attack behaviors, the behaviors are also formally transformed by a self-designed stealth transformation method; using the transformed stealth attack behaviors, the virtual target machine was successfully attacked without being detected. Experimental results show that mining protocol stealth attack behaviors in this way is accurate, and that transforming and using them to improve our information offensive and defensive capability is also feasible.
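The abstract does not say which instruction features or distance metric the mining step uses. The following is an added example, not code from the paper or from the HiddenDisc platform, that illustrates the general idea of "feature distance computation" over instruction sequences from a detection stance: each sequence is turned into a mnemonic bigram count vector, a profile is built from the normal sequences captured by dynamic analysis, and candidate sequences are ranked by cosine distance from that profile. The threshold is derived leave-one-out from the normal set so that ordinary variation is not flagged. All traces, the bigram feature, the cosine metric and the 1.5x margin are constructed assumptions for the illustration.

```python
from collections import Counter
from math import sqrt

# Constructed traces of instruction mnemonics standing in for sequences captured
# by dynamic binary analysis of a protocol handler (not data from the paper).
NORMAL_TRACES = [
    ["mov", "cmp", "jne", "mov", "add", "cmp", "jb", "call", "ret"],
    ["mov", "cmp", "jne", "mov", "add", "cmp", "jb", "mov", "call", "ret"],
    ["mov", "cmp", "je", "mov", "add", "cmp", "jb", "call", "ret"],
    ["mov", "cmp", "jne", "mov", "sub", "cmp", "jb", "call", "ret"],
]

# Constructed candidate sequences to score against the normal profile.
CANDIDATES = {
    "benign_variant": ["mov", "cmp", "jne", "mov", "add", "cmp", "jb", "call", "ret", "mov"],
    "unseen_path": ["xor", "xor", "rol", "xor", "rol", "xor", "div", "jmp", "jmp", "jmp"],
}


def ngram_features(trace, n=2):
    """Feature vector: counts of mnemonic n-grams in one instruction sequence."""
    return Counter(tuple(trace[i:i + n]) for i in range(len(trace) - n + 1))


def build_profile(traces, n=2):
    """Mean n-gram vector over a set of normal traces (empty dict if no traces)."""
    if not traces:
        return {}
    total = Counter()
    for t in traces:
        total.update(ngram_features(t, n))
    return {k: v / len(traces) for k, v in total.items()}


def cosine_distance(a, b):
    """1 - cosine similarity; sequences sharing no n-grams are at distance 1.0."""
    dot = sum(a[k] * b.get(k, 0.0) for k in a)
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    if na == 0 or nb == 0:
        return 1.0
    return 1.0 - dot / (na * nb)


def distance_to_profile(trace, profile, n=2):
    return cosine_distance(ngram_features(trace, n), profile)


def outlier_threshold(normal_traces, n=2, margin=1.5):
    """Leave-one-out: the largest distance any normal trace has from the others,
    widened by a margin, becomes the cut-off for calling a candidate anomalous."""
    loo = []
    for i, t in enumerate(normal_traces):
        others = normal_traces[:i] + normal_traces[i + 1:]
        loo.append(distance_to_profile(t, build_profile(others, n), n))
    return margin * max(loo)


def rank_candidates(candidates, normal_traces, n=2):
    """Return ((name, distance, flagged), ...) sorted most-anomalous first, plus the threshold."""
    profile = build_profile(normal_traces, n)
    thr = outlier_threshold(normal_traces, n)
    scored = {name: distance_to_profile(seq, profile, n) for name, seq in candidates.items()}
    ranked = sorted(scored.items(), key=lambda kv: kv[1], reverse=True)
    return [(name, round(d, 3), d > thr) for name, d in ranked], thr


if __name__ == "__main__":
    ranked, thr = rank_candidates(CANDIDATES, NORMAL_TRACES)
    print(f"threshold = {thr:.3f}")
    for name, d, flagged in ranked:
        print(f"{name:15s} distance={d:.3f} flagged={flagged}")
```

With the constructed data the `unseen_path` sequence shares no bigram with the normal profile and sits at distance 1.0, well above the leave-one-out threshold (about 0.48), while `benign_variant` stays close to the profile. In practice the feature choice matters more than the metric: bigrams over mnemonics ignore operands and control-flow context, so a real mining pipeline would add those to the feature vector before clustering.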
