Malware, Encryption, and Rerandomization - Everything is Under Attack
Journal article, Peer reviewed
Accepted version
View/
Permanent link
http://hdl.handle.net/11250/2451076Issue date
2017Metadata
Show full item recordCollections
- Publikasjoner fra CRIStin - NTNU [12867]
- Institutt for matematiske fag [1037]
Abstract
A malware author constructing malware wishes to infect a specific location in the network. The author will then infect n initial nodes with n different variations of his malicious code. The malware continues to infect subsequent nodes in the network by making similar copies of itself. An analyst defending M nodes in the network observes N infected nodes with some malware and wants to know if any sample is targeting any of his nodes. To reduce his work, the analyst need only look at unique malware samples. We show that by encrypting the malware payload and using rerandomization to replicate malware, we can make the N observed malware samples distinct and increase the analyst’s work factor substantially.