Large-Scale Obfuscation as a Method against Malware

Group


Ville Leppänen

Sampsa Rauti

Overview

Today, malware is one of the biggest threats on the Internet, and the number of malicious programs is continuously increasing. Malware depends on knowledge: to gain access to a computer's resources, it has to know the interfaces that provide them. Computers running the same operating system expose identical ways of accessing resources through their software layers. Consequently, it is easy for a piece of malware to abuse resources.

The malware would be rendered ineffective if it could not use the interfaces providing the resources. In our scheme, the operating system and software on each machine are uniquely obfuscated. This way, it is much harder for the malware to learn the 'language' required to use resources.

Even if the malware can circumvent this protection on one machine, large-scale attacks are hard to implement because the obfuscation is unique for each target. The malware has no knowledge of the secret obfuscation method applied to a specific target, so the attacker has to analyze each target separately, which is a tedious and time-consuming process.
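The per-machine obfuscation described above, modelled as an added example that is not the project's own code. The HMAC-based renaming, the `Machine` class and the interface names `open_file` and `send_packet` are assumptions; the page does not specify the obfuscation method.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for the well-known interface names that every
# unmodified installation of the same operating system would share.
STANDARD_API = {
    "open_file": lambda path: f"opened {path}",
    "send_packet": lambda data: f"sent {len(data)} bytes",
}

def obfuscated_name(machine_secret: bytes, name: str) -> str:
    """Map a standard interface name to a machine-private name (assumed HMAC scheme)."""
    digest = hmac.new(machine_secret, name.encode(), hashlib.sha256).hexdigest()
    return "f_" + digest[:16]

class Machine:
    def __init__(self) -> None:
        self.secret = secrets.token_bytes(32)  # unique per machine, never shared
        # Only obfuscated names are exported; the standard names do not exist here.
        self.exports = {obfuscated_name(self.secret, n): fn
                        for n, fn in STANDARD_API.items()}

    def install(self, imports):
        """Rewrite a trusted program's imports to this machine's names at install time."""
        return {n: obfuscated_name(self.secret, n) for n in imports}

    def call(self, symbol, *args):
        if symbol not in self.exports:
            raise LookupError(f"unknown interface {symbol!r}")
        return self.exports[symbol](*args)

def demo():
    a, b = Machine(), Machine()
    trusted = a.install(["open_file"])  # program installed on machine A
    results = {"trusted_on_a": a.call(trusted["open_file"], "/tmp/x")}
    for label, machine, symbol in [
        ("standard_name_on_a", a, "open_file"),    # code assuming the standard interface
        ("a_name_on_b", b, trusted["open_file"]),  # knowledge of A reused on B
    ]:
        try:
            machine.call(symbol, "/tmp/x")
            results[label] = "ok"
        except LookupError:
            results[label] = "rejected"
    return results

if __name__ == "__main__":
    print(demo())
```

Code that assumes the standard name fails on machine A, and a name learned on A is useless on B, which is the property that forces per-target analysis.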

Moreover, a process can monitor the use of each resource on a computer. In this approach, resources are accessed through a guard process instead of an interface providing functions. An ID could be given to each resource guard process and to each program trying to use resources, so that cryptographic protocols could be embedded into the method used to access resources.


Publications

Journal articles and book chapters
[1] Resilient JavaScript and HTML Obfuscation and Code Protection for Ajax Applications against Man-in-the-Browser Attacks (Sampsa Rauti, Ville Leppänen), under review, 2013.
[2] Man-in-the-Browser Attacks in Modern Web Browsers (Sampsa Rauti, Ville Leppänen), under review, 2013.
Refereed Conference Papers
[3] Browser Extension-Based Man-in-the-Browser Attacks Against Ajax Applications with Countermeasures (Sampsa Rauti, Ville Leppänen), In Proceedings of International Conference on Computer Systems and Technologies, CompSysTech'12, 2012.
[4] Man-in-the-browser -hyökkäyksistä Ajax-sovelluksissa (Sampsa Rauti, Ville Leppänen), Proceedings of Federated Computer Science Event 2012, 2012.


© Turun yliopisto