Stealthy Malware Traffic - Not as Innocent as It Looks
| Author | Xingsi Zhong, Yu Fu, Lu Yu, Richard Brooks, G. Kumar Venayagamoorthy |
|---|---|
| Year of publication | 2017 |
| Subject | FOS: Computer and information sciences; 021110 strategic defence & security studies; Computer Science - Cryptography and Security; Syntax (programming languages); business.industry; Computer science; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; 0211 other engineering and technologies; 02 engineering and technology; D.4.6; Encryption; computer.software_genre; Phasor measurement unit; Countermeasure; Smart grid; 0202 electrical engineering, electronic engineering, information engineering; Command and control; Malware; 020201 artificial intelligence & image processing; business; Protocol (object-oriented programming); computer; Cryptography and Security (cs.CR); Computer network |
| DOI | 10.48550/arxiv.1703.02200 |
| Description | Malware is constantly evolving. Although existing countermeasures have success in malware detection, corresponding counter-countermeasures are always emerging. In this study, a counter-countermeasure that avoids network-based detection approaches by camouflaging malicious traffic as an innocuous protocol is presented. The approach includes two steps: traffic format transformation and side-channel massage (SCM). Format transforming encryption (FTE) translates protocol syntax to mimic another innocuous protocol, while SCM obscures traffic side-channels. The proposed approach is illustrated by transforming Zeus botnet (Zbot) Command and Control (C&C) traffic into smart grid Phasor Measurement Unit (PMU) data. The experimental results show that the transformed traffic is identified by Wireshark as synchrophasor protocol, and the transformed protocol fools current side-channel attacks. Moreover, it is shown that a real smart grid Phasor Data Concentrator (PDC) accepts the false PMU data. 9 figures, 2 tables |
| Database | OpenAIRE |
| External link | |