Asia University: Item 310904400/115566


    Please use the permanent URL to cite or link to this document: http://asiair.asia.edu.tw/ir/handle/310904400/115566


    Title: Orchestration of APT malware evasive manoeuvers employed for eluding anti-virus and sandbox defense
    Authors: Sharma, Amit; Gupta, Brij Bhooshan; Singh, Awadhesh Kumar; Saraswat, V.K.
    Contributors: Department of Computer Science and Information Engineering, College of Information and Electrical Engineering (資訊電機學院資訊工程學系)
    Keywords: Advanced persistent threat; Anti-virus evasion; Process injection; Covert communication; Anti-debug; Anti-virtual machine; Evasive Manoeuvers Re-Engineering Framework (EMRF); Fileless malware; DLL hijacking; Code obfuscation; IAT hooking; Windows Management Instrumentation (WMI)
    Date: 2022-01-01
    Upload time: 2023-03-29 02:49:21 (UTC+0)
    Publisher: Asia University (亞洲大學)
    Abstract: Modern cyber attacks are highly targeted and incorporate advanced tactics, techniques and procedures for greater stealth, impact and success. These attacks are also known as Advanced Persistent Threats (APTs) because of their evasive and stealthy nature and their prolonged foothold in the victim's digital infrastructure. The malware involved in APT attacks is sophisticated and is developed with the intention of sabotaging the victim's digital infrastructure or performing espionage. It is capable of targeting multiple operating environments, from desktop and server operating systems (Windows, Linux and macOS), mobile platforms (Android, iOS) and embedded platforms (IoT devices) to industrial control systems (ICS/SCADA devices). The evolution of the evasive tactics and techniques employed in such advanced malware has led to extensive research efforts to develop mechanisms that counter these evasion techniques. This research primarily aims to demonstrate that evasive manoeuvres currently outweigh the security countermeasures deployed by prevalent security solutions. The paper first explains, in a systematic manner, the evasion mechanisms employed in modern APT malware, and then implements a novel Evasive Manoeuvers Re-Engineering Framework (EMRF). EMRF establishes and demonstrates combinations of evasive manoeuvres applied to well-known APT malware samples in order to elude security solutions. Payload variants, i.e. executables, dynamic link libraries and shellcode, were run through the research framework EMRF and exhibited 36% to 96% evasive behavior against the majority of defender engines. With its dynamic, user-defined evasion manoeuvres, the EMRF system is able to make non-zero-day payloads more potent by evading the majority of modern security solutions.
This research clearly demonstrates the attacker's ability to deliver non-zero-day payloads easily, rather than investing resources and time in discovering zero-day exploits and developing zero-day payloads. This observation can potentially disrupt the APT defenses incorporated in modern security solutions, whose focus is mainly on detecting zero-day payloads and exploits. To exhibit the threat landscape posed by APTs, the paper uses a dataset of 4403 APT malware samples to extract and orchestrate the prevalence of evasive manoeuvres such as stealth, covert communication and anti-analysis mechanisms. The paper contributes to advanced malware analysis as an avenue for analyzing the intrusion, evasion and deception used to prevent detection, and for verification, attribution of responsibility and determination of intent.
    Appears in collections: [Department of Computer Science and Information Engineering] Journal Articles

    Files in this item:

    File          Description    Size    Format    Views
    index.html                   0Kb     HTML      63


    All items in ASIAIR are protected by copyright.


    DSpace Software Copyright © 2002-2004 MIT & Hewlett-Packard / Enhanced by NTU Library IR team