Feature-distributed malware attack

risk and defence

Byungho Min, Vijay Varadharajan

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contribution

8 Citations (Scopus)

Abstract

Modern computing platforms have progressed to more secure environments with various defensive techniques such as application-based permission and application whitelisting. In addition, anti-virus solutions are improving their detection techniques, especially based on behavioural properties. To overcome these hurdles, the adversary has been developing malware techniques including the use of legitimate digital certificates; hence it is important to explore possible offensive techniques in a security-improved environment. In this paper, first we propose the new technique of feature-distributed malware that dynamically distributes its features to multiple software components in order to bypass various security mechanisms such as application whitelisting and anti-virus' behavioural detection. To evaluate our approach, we have implemented a tool that automatically generates such malware instances, and have performed a series of experiments showing the risks of such advanced malware. We also suggest an effective defence mechanism. It prevents loading of malicious components by utilising digital certificates of software components. We have implemented a Windows service that provides our defence mechanism, and evaluated it against the proposed malware. Another useful characteristic of our defence is that it is capable of blocking general abuse of legitimate digital certificates with dynamic software component loading.

Original languageEnglish
Title of host publicationComputer security - ESORICS 2014
Subtitle of host publication19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. Proceedings : Part II
EditorsMirosław Kutyłowski, Jaideep Vaidya
Place of PublicationCham
PublisherSpringer, Springer Nature
Pages457-474
Number of pages18
ISBN (Electronic)9783319112121
ISBN (Print)9783319112114
DOIs
Publication statusPublished - 2014
Event19th European Symposium on Research in Computer Security, ESORICS 2014 - Wroclaw, Poland
Duration: 7 Sep 201411 Sep 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 2
Volume8713 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other19th European Symposium on Research in Computer Security, ESORICS 2014
CountryPoland
CityWroclaw
Period7/09/1411/09/14

Fingerprint Dive into the research topics of 'Feature-distributed malware attack: risk and defence'. Together they form a unique fingerprint.

Cite this