NIC displays to thwart malware attacks mounted from within the OS. Issue 61 (August 2016)
- Record Type:
- Journal Article
- Title:
- NIC displays to thwart malware attacks mounted from within the OS. Issue 61 (August 2016)
- Main Title:
- NIC displays to thwart malware attacks mounted from within the OS
- Authors:
- Rrushi, Julian L.
- Abstract:
- This paper describes an OS-resident defensive deception approach, which can neutralize malware that has managed to infect a target machine. Such attacks account for most of the spying operations detected to date, and include malware, insider code, and Trojans that originate from compromises of the computer supply chain. The central idea that underpins this work is to display the existence of I/O devices in a computer system. While those I/O devices would not exist for real, their projection will make them appear as valid targets of interception and malicious modification, or as valid means of propagation to other target computers. We experiment with the implementation of a low-level network driver for the Windows operating system. The network driver emulates the operation of a network interface controller (NIC), and thus reports to higher-level drivers in the network stack as if the NIC were existent, fully functional, and with access to an existing computer network. We tested and evaluated NIC displays against a large sample of live malware, and thus discuss our findings in the paper.
- Is Part Of:
- Computers & security. Issue 61(2016)
- Journal:
- Computers & security
- Issue:
- Issue 61(2016)
- Issue Display:
- Volume 61, Issue 61 (2016)
- Year:
- 2016
- Volume:
- 61
- Issue:
- 61
- Issue Sort Value:
- 2016-0061-0061-0000
- Page Start:
- 59
- Page End:
- 71
- Publication Date:
- 2016-08
- Subjects:
- Malware -- Insider threats -- I/O interception -- Defensive cyber deception -- Computer decoys
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2016.05.002
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 1.xml