Internal Interface Diversification with Multiple Fake Interfaces
Rauti Sampsa; Leppänen Ville
Internal Interface Diversification with Multiple Fake Interfaces
Rauti Sampsa
Leppänen Ville
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2021042718081
https://urn.fi/URN:NBN:fi-fe2021042718081
Tiivistelmä
Malware uses knowledge of well-known interfaces to achieve
its goals. However, if we uniquely diversify these interfaces
in each system, the malware no longer knows the ”language”
of a specific system and it becomes much more difficult for
malicious programs to operate. This paper extends the idea
of interface diversification by presenting a scheme where a
fake original interface and multiple other fake interfaces are
provided along with the valid interface in order to log the
suspicious activity in the system and possibly deceive malware
by initiating fallacious interaction with it. We also
present a proof-of-concept implementation of this scheme in
Linux environment and conduct experiments with it.
Kokoelmat
- Rinnakkaistallenteet [19207]