Asia University: Item 310904400/115566
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.


Please use the permanent URL to cite or link to this item: http://asiair.asia.edu.tw/ir/handle/310904400/115566


Title: Orchestration of APT malware evasive manoeuvers employed for eluding anti-virus and sandbox defense
Authors: Sharma, Amit; Gupta, Brij Bhooshan; Singh, Awadhesh Kumar; Saraswat, V.K.
Contributor: Department of Computer Science and Information Engineering, College of Information and Electrical Engineering
Keywords: Advanced persistent threat; Anti-Virus evasion; Process injection; Covert communication; Anti-Debug; Anti-Virtual machine; Evasive manoeuvers re-Engineering framework (EMRF); Fileless malware; DLL Hijacking; Code obfuscation; IAT Hooking; Windows management instrumentation (WMI)
Date: 2022-01-01
Upload time: 2023-03-29 02:49:21 (UTC+0)
Publisher: Asia University
Abstract: Modern-day cyber attacks are highly targeted and incorporate advanced tactics, techniques and procedures for greater stealth, impact and success. These attacks are also known as Advanced Persistent Threats (APT) because of their evasive and stealthy nature, along with a longer foothold on the victim's digital infrastructure. The malware involved in APT attacks is sophisticated and developed with the intention of sabotaging the victim's digital infrastructure or performing espionage. It is capable of targeting multiple operating environments, from desktop and server operating systems (Windows, Linux and macOS), mobile platforms (Android, iOS) and embedded platforms (IoT devices) to industrial control systems (ICS/SCADA devices). The evolution of evasive tactics and techniques employed in such advanced malware has led to extensive research efforts to develop mechanisms that can counter these evasion techniques. This research primarily aims to demonstrate that evasive manoeuvers currently outweigh the security countermeasures deployed by prevalent security solutions. The paper first explains, in a systematic manner, the evasion mechanisms employed in modern APT malware, and then implements a novel Evasive Manoeuvers Re-Engineering Framework (EMRF). EMRF aims to establish and demonstrate combinations of evasive manoeuvers with well-known APT malware samples to elude security solutions. The payload variants, i.e., executable, dynamic link library, and shell-code, were tested through the research-based framework EMRF and demonstrated 36% to 96% evasive behaviour against the majority of defender engines. The EMRF system, with its dynamic, user-defined evasion manoeuvers, is able to make non-zero-day payloads more potent by evading the majority of modern security solutions.
This research clearly demonstrates the attacker's ability to deliver non-zero-day payloads easily rather than investing resources and time in discovering zero-day exploits and developing zero-day payloads. This important observation can potentially disrupt the Advanced Persistent Threat defenses incorporated in modern-day security solutions, whose focus is mainly on detecting zero-day payloads and exploits. To exhibit the threat landscape posed by APTs, the paper utilizes a dataset of 4403 APT malware samples to extract and orchestrate the prevalence of evasive manoeuvers such as stealth, covert communication, and anti-analysis mechanisms. The paper contributes to advanced malware analysis as an avenue for analyzing intrusion, evasion, and deception to prevent detection and verification, the attribution of responsibility, and the determination of intent.
Appears in collections: [Department of Computer Science and Information Engineering] Journal Articles

Files in this item:

File: index.html (0 KB, HTML, 63 views)


All items in ASIAIR are protected by the original copyright.

