Information Security Governance: The Art of Detecting Hidden Malware

Detecting malicious software, or malware, is one of the major concerns in information security governance: malware authors pose a major challenge to digital forensics by using a variety of highly sophisticated stealth techniques to hide malicious code in computing systems, including smartphones. Current detection techniques fall short, as forensic analysis of infected devices is unable to identify all the hidden malware, which leaves the door open to zero-day attacks. This chapter takes a key step forward in addressing this issue and lays the foundation for deeper investigations in digital forensics. The goal of this chapter is, firstly, to unearth the recent obfuscation strategies employed to hide malware. Secondly, this chapter proposes innovative techniques that are implemented as a fully automated tool and experimentally tested to exhaustively detect hidden malware that leverages system vulnerabilities. Based on these research investigations, the chapter also arrives at an information security governance plan that would aid in addressing current and future cybercrime situations.
