Organizations face cyber attacks of increasing sophistication, but detection measures have not kept pace with advances in attack design. Common detection systems rely on rules or heuristics derived from the behaviour of known previous attacks, often crafted manually. The result is a defensive system that is both too sensitive, producing many false positives, and not sensitive enough, missing new attacks.
Building on our earlier work on the Covertness Capability Calculus, we propose Malware Vectors, a technique for discovering defense logic by remote probing. Malware Vectors builds malware by discovering which observables can be generated without triggering detection: it issues probes to establish a vector of acceptable observable values that an attack may produce undetected. We test attacks against an unknown defense logic and show that it is trivial to discover a covert way to carry out an attack. Extending the simulation to randomly generated defense logics, we find that, without a change in underlying strategy, defenders cannot significantly improve their position. Further, we find that the full defense logic can in most cases be discovered efficiently using only membership queries. Finally, we propose some techniques a defender could implement to attempt to counter the Malware Vectors technique.
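As an added illustration, not the dissertation's own code, models or data, the Python below models the probing idea in miniature. An attacker who can only ask a membership query ("does this vector of observables raise an alert?") first searches for a covert vector that satisfies its capability requirements, then extends it to a vector of acceptable observables, and finally recovers the detector's rules by exhaustive querying. The detector `hidden_defense_logic`, the observable names, the `CAPABILITY_GROUPS` and the `MembershipOracle` wrapper are all constructed for this example; the assumption that the detector is monotone (adding observables never suppresses an alert) is what makes the recovered minimal triggering sets equal to its DNF terms.

```python
"""Membership-query probing of an unknown Boolean detection rule.

Constructed illustration: the detector, the observable names and the
attack requirements below are invented for this example.  They are not
the dissertation's models, probes or data.
"""
from itertools import combinations, product

# Observables the attack can choose to generate (constructed names).
OBSERVABLES = (
    "dns_beacon", "https_beacon", "process_injection",
    "scheduled_task", "bulk_file_write", "off_hours",
)


def hidden_defense_logic(vector):
    """Stand-in for the unknown detector: three hand-written correlation
    rules (assumption).  The attacker never reads this function; it only
    sees the alert / no-alert answer to each probe."""
    return (
        {"dns_beacon", "off_hours"} <= vector
        or {"process_injection", "bulk_file_write"} <= vector
        or {"https_beacon", "scheduled_task", "off_hours"} <= vector
    )


class MembershipOracle:
    """Exposes the detector only as a membership query and counts probes."""

    def __init__(self, logic):
        self._logic = logic
        self.queries = 0

    def detected(self, vector):
        self.queries += 1
        return self._logic(frozenset(vector))


# Attack requirements (constructed): one observable from each capability
# group is mandatory; optional observables may be added if they stay covert.
CAPABILITY_GROUPS = (
    ("dns_beacon", "https_beacon"),           # command and control
    ("process_injection", "scheduled_task"),  # code execution
    ("bulk_file_write",),                     # exfiltration staging
)
OPTIONAL = ("off_hours",)


def find_covert_vector(oracle, groups=CAPABILITY_GROUPS, optional=OPTIONAL):
    """Probe candidate vectors, smallest first, until one satisfies every
    capability group without raising an alert.  Returns it, or None."""
    for k in range(len(optional) + 1):
        for extras in combinations(optional, k):
            for choice in product(*groups):
                vector = frozenset(choice) | frozenset(extras)
                if not oracle.detected(vector):
                    return vector
    return None


def acceptable_additions(oracle, base, observables=OBSERVABLES):
    """Given a covert base vector, probe each remaining observable on its
    own and report those that can be added without triggering detection.
    Together with the base this is the attack's acceptable-value vector."""
    return frozenset(
        obs for obs in observables
        if obs not in base and not oracle.detected(base | {obs})
    )


def recover_defense_logic(oracle, observables=OBSERVABLES):
    """Recover the detector's minimal triggering sets using 2^n membership
    queries (the full truth table; fine for small n).  For a monotone
    detector, one where adding observables never suppresses an alert as
    in the constructed rules above, these sets are exactly its DNF terms."""
    table = {}
    for k in range(len(observables) + 1):
        for combo in combinations(observables, k):
            table[frozenset(combo)] = oracle.detected(combo)
    minimal = [
        vec for vec, hit in table.items()
        if hit and not any(table[sub] for sub in table if sub < vec)
    ]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


if __name__ == "__main__":
    oracle = MembershipOracle(hidden_defense_logic)
    covert = find_covert_vector(oracle)
    print("covert vector:", sorted(covert), "after", oracle.queries, "probes")
    extra = acceptable_additions(oracle, covert)
    print("safe additions:", sorted(extra), "after", oracle.queries, "probes")
    terms = recover_defense_logic(MembershipOracle(hidden_defense_logic))
    print("recovered rules:", [sorted(t) for t in terms])
```

Against the constructed detector the covert vector is found on the second probe and the full rule set falls out of 64 queries, which is the abstract's point in miniature: an alert/no-alert oracle leaks the logic. One caveat a practitioner should keep in mind: `acceptable_additions` tests each observable in isolation, so two individually safe additions can still combine to satisfy a conjunction rule; probe the combined vector before relying on it.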
Advisor: Cybenko, George V.
Committee: Borsuk, Mark; Chin, Sang; Santos, Eugene
School Location: United States -- New Hampshire
Source: DAI-B 76/07(E), Dissertation Abstracts International
Keywords: Adversarial, Boolean logic discovery, Cyber defense, Game theory, Malware, Utility
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved