Modern computing platforms have become more secure environments through defensive techniques such as per-application permissions and application whitelisting. In addition, anti-virus solutions are improving their detection techniques, especially those based on behavioural properties. To overcome these hurdles, adversaries have been developing new malware techniques, including the use of legitimate digital certificates; it is therefore important to explore which offensive techniques remain possible in such a hardened environment.
In this paper, we first propose the new technique of feature-distributed malware, which dynamically distributes its features across multiple software components in order to bypass security mechanisms such as application whitelisting and anti-virus behavioural detection. To evaluate the approach, we have implemented a tool that automatically generates such malware instances and have performed a series of experiments showing the risks posed by this kind of advanced malware. We also suggest an effective defence mechanism that prevents malicious components from being loaded by utilising the digital certificates of the software components themselves. We have implemented this defence as a Windows service and evaluated it against the proposed malware. A further useful characteristic of the defence is that it can also block the general abuse of legitimate digital certificates through dynamic software component loading.
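The defence sketched above decides whether a dynamically loaded component may be trusted from its digital certificate. The following PowerShell script is an added illustration of that idea and is not the paper's Windows service: it audits the modules already loaded into a running process, checks each module's Authenticode signature with the built-in Get-AuthenticodeSignature cmdlet, and applies an assumed policy (every module must carry a valid signature and, when the -RequireSamePublisher switch is given, must be signed by the same publisher as the host executable). The policy, the parameter names and the verdict labels are choices made for this example, not something the abstract specifies.

```powershell
# Added example (not the paper's code): audit loaded modules of a process
# against their Authenticode signatures.
# Assumed policy: a module is acceptable only if its signature is Valid and,
# optionally, its signer subject matches that of the host executable.
param(
    [Parameter(Mandatory = $true)][int]$ProcessId,
    [switch]$RequireSamePublisher   # assumption: a different legitimate signer is still a violation
)

$proc = Get-Process -Id $ProcessId -ErrorAction Stop

# Signer of the host executable; used as the reference publisher.
$hostSig = Get-AuthenticodeSignature -FilePath $proc.Path
$hostSubject = if ($hostSig.SignerCertificate) { $hostSig.SignerCertificate.Subject } else { $null }

foreach ($module in $proc.Modules) {
    # Get-AuthenticodeSignature also recognises catalog-signed files, which is
    # how most operating-system DLLs are signed.
    $sig = Get-AuthenticodeSignature -FilePath $module.FileName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    $verdict = 'ALLOW'
    if ($sig.Status -ne 'Valid') {
        # Unsigned, tampered (HashMismatch) or untrusted-chain components.
        $verdict = 'BLOCK'
    }
    elseif ($RequireSamePublisher -and $hostSubject -and ($subject -ne $hostSubject)) {
        # Legitimately signed, but by a publisher other than the host's:
        # the case where a valid certificate is being abused for loading.
        $verdict = 'BLOCK'
    }

    [pscustomobject]@{
        Module  = $module.ModuleName
        Path    = $module.FileName
        Status  = $sig.Status
        Signer  = $subject
        Verdict = $verdict
    }
}
```

Two caveats a practitioner will hit immediately. First, this script inspects modules after they are loaded, so it is a detection aid, whereas the defence described in the paper intervenes before the load; a preventive implementation would need to hook or proxy the loader. Second, the same-publisher rule as written also flags Microsoft-signed system DLLs inside a third-party process, so in practice it needs an explicit allow-list of operating-system signers, otherwise every process is reported as violating the policy.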