TY - GEN
T1 - Feature-distributed malware attack
T2 - 19th European Symposium on Research in Computer Security, ESORICS 2014
AU - Min, Byungho
AU - Varadharajan, Vijay
PY - 2014
Y1 - 2014
N2 - Modern computing platforms have progressed to more secure environments with various defensive techniques such as application-based permission and application whitelisting. In addition, anti-virus solutions are improving their detection techniques, especially based on behavioural properties. To overcome these hurdles, the adversary has been developing malware techniques including the use of legitimate digital certificates; hence it is important to explore possible offensive techniques in a security-improved environment. In this paper, first we propose the new technique of feature-distributed malware that dynamically distributes its features to multiple software components in order to bypass various security mechanisms such as application whitelisting and anti-virus' behavioural detection. To evaluate our approach, we have implemented a tool that automatically generates such malware instances, and have performed a series of experiments showing the risks of such advanced malware. We also suggest an effective defence mechanism. It prevents loading of malicious components by utilising digital certificates of software components. We have implemented a Windows service that provides our defence mechanism, and evaluated it against the proposed malware. Another useful characteristic of our defence is that it is capable of blocking general abuse of legitimate digital certificates with dynamic software component loading.
AB - Modern computing platforms have progressed to more secure environments with various defensive techniques such as application-based permission and application whitelisting. In addition, anti-virus solutions are improving their detection techniques, especially based on behavioural properties. To overcome these hurdles, the adversary has been developing malware techniques including the use of legitimate digital certificates; hence it is important to explore possible offensive techniques in a security-improved environment. In this paper, first we propose the new technique of feature-distributed malware that dynamically distributes its features to multiple software components in order to bypass various security mechanisms such as application whitelisting and anti-virus' behavioural detection. To evaluate our approach, we have implemented a tool that automatically generates such malware instances, and have performed a series of experiments showing the risks of such advanced malware. We also suggest an effective defence mechanism. It prevents loading of malicious components by utilising digital certificates of software components. We have implemented a Windows service that provides our defence mechanism, and evaluated it against the proposed malware. Another useful characteristic of our defence is that it is capable of blocking general abuse of legitimate digital certificates with dynamic software component loading.
UR - https://www.scopus.com/pages/publications/84906511220
U2 - 10.1007/978-3-319-11212-1_26
DO - 10.1007/978-3-319-11212-1_26
M3 - Conference proceeding contribution
AN - SCOPUS:84906511220
SN - 9783319112114
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 457
EP - 474
BT - Computer security - ESORICS 2014
A2 - Kutyłowski, Mirosław
A2 - Vaidya, Jaideep
PB - Springer, Springer Nature
CY - Cham
Y2 - 7 September 2014 through 11 September 2014
ER -