Phantom Malware: Conceal Malicious Actions From Malware Detection Techniques by Imitating User Activity
Bitte benutzen Sie diese Kennung, um auf die Ressource zu verweisen:
https://osnadocs.ub.uni-osnabrueck.de/handle/urn:nbn:de:gbv:700-202105114440
https://osnadocs.ub.uni-osnabrueck.de/handle/urn:nbn:de:gbv:700-202105114440
Langanzeige der Metadaten
| DC Element | Wert | Sprache |
|---|---|---|
| dc.creator | Witte, Tim Niklas | - |
| dc.date.accessioned | 2021-05-11T09:47:30Z | - |
| dc.date.available | 2021-05-11T09:47:30Z | - |
| dc.date.issued | 2020-09-04 | - |
| dc.identifier.citation | T. N. Witte, "Phantom Malware: Conceal Malicious Actions From Malware Detection Techniques by Imitating User Activity," in IEEE Access, vol. 8, pp. 164428-164452, 2020 | ger |
| dc.identifier.uri | https://osnadocs.ub.uni-osnabrueck.de/handle/urn:nbn:de:gbv:700-202105114440 | - |
| dc.description.abstract | State of the art malware detection techniques only consider the interaction of programs with the operating system's API (system calls) for malware classification. This paper demonstrates that techniques like these are insufficient. A point that is overlooked by the currently existing techniques is presented in this paper: Malware is able to interact with windows providing the corresponding functionality in order to execute the desired action by mimicking user activity. In other words, harmful actions will be masked as simulated user actions. To start with, the article introduces User Imitating techniques for concealing malicious commands of the malware as impersonated user activity. Thereafter, the concept of Phantom Malware will be presented: This malware is constantly applying User Imitating to execute each of its malicious actions. A Phantom Ransomware (ransomware employs the User Imitating for every of its malicious actions) is implemented in C++ for testing anti-virus programs in Windows 10. Software of various manufacturers are applied for testing purposes. All of them failed without exception. This paper analyzes the reasons why these products failed and further, presents measures that have been developed against Phantom Malware based on the test results. | eng |
| dc.relation | https://doi.org/10.1109/ACCESS.2020.3021743 | ger |
| dc.rights | Attribution 4.0 International | * |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | * |
| dc.subject | Malware | eng |
| dc.subject | ransomware | eng |
| dc.subject | user imitation | eng |
| dc.subject | UI redressing | eng |
| dc.subject | overlay attacks | eng |
| dc.subject | BadUSB | eng |
| dc.subject | obfuscation | eng |
| dc.subject | behavior blockers | eng |
| dc.subject.ddc | 004 - Informatik | ger |
| dc.title | Phantom Malware: Conceal Malicious Actions From Malware Detection Techniques by Imitating User Activity | eng |
| dc.type | Einzelbeitrag in einer wissenschaftlichen Zeitschrift [article] | ger |
| orcid.creator | https://orcid.org/0000-0002-8727-9483 | - |
| dc.identifier.doi | 10.1109/ACCESS.2020.3021743 | - |
| Enthalten in den Sammlungen: | FB06 - Hochschulschriften Open-Access-Publikationsfonds | |
Dateien zu dieser Ressource:
| Datei | Beschreibung | Größe | Format | |
|---|---|---|---|---|
| IEEEAccess_Witte_2020.pdf | 1,86 MB | Adobe PDF | IEEEAccess_Witte_2020.pdf  Öffnen/Anzeigen |
Diese Ressource wurde unter folgender Copyright-Bestimmung veröffentlicht:
Lizenz von Creative Commons
