Research Article

Pervasive Malware Propagation Mechanism and Mitigation Techniques

by Amit Kumar, Pallavi Kulkarni
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 125 - Number 4
Year of Publication: 2015
DOI: 10.5120/ijca2015905893

Amit Kumar, Pallavi Kulkarni. Pervasive Malware Propagation Mechanism and Mitigation Techniques. International Journal of Computer Applications. 125, 4 (September 2015), 37-43. DOI=10.5120/ijca2015905893

@article{ 10.5120/ijca2015905893,
author = { Amit Kumar and Pallavi Kulkarni },
title = { Pervasive Malware Propagation Mechanism and Mitigation Techniques },
journal = { International Journal of Computer Applications },
issue_date = { September 2015 },
volume = { 125 },
number = { 4 },
month = { September },
year = { 2015 },
issn = { 0975-8887 },
pages = { 37-43 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume125/number4/22424-2015905893/ },
doi = { 10.5120/ijca2015905893 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:15:11.138222+05:30
%A Amit Kumar
%A Pallavi Kulkarni
%T Pervasive Malware Propagation Mechanism and Mitigation Techniques
%J International Journal of Computer Applications
%@ 0975-8887
%V 125
%N 4
%P 37-43
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Malware, i.e. malicious code or software, poses a prevalent threat to businesses and networks across distributed systems. Just as it is said that to catch a criminal we have to think like a criminal, to catch cyber criminals and terrorists we have to think like a cyber criminal. Malware campaigns have been the driving engines of cyber-warfare, used by cyber criminals and black hat hackers to target organizations, governments, and financial institutions for leverage and selfish profit, since early in the decade. In recent years, malware campaigns have grown more sophisticated in order to perform successful targeted attacks and bypass the prevailing and evolving defense mechanisms. Our approach is motivated by the fact that malware breeds on the vulnerabilities of software applications running across the web. The idea behind the pervasive malware propagation mechanism is to provide insight into various exploitable scenarios based on vulnerabilities and coding flaws in the software system, its architecture, and the network. Understanding the control flow structure of malware propagation into the system and over the network provides greater insight into how vulnerabilities are exploited, how attackers identify the target surface, how exploits are delivered using payloads, and what mechanism is used to maintain access to the exploited victim over the network. Finally, some suggestions are given as precautionary mitigation mechanisms to stop malware propagation.

Index Terms

Computer Science
Information Sciences

Keywords

Pervasive Malware Propagation Mechanism, Vulnerability Exploitation, Threat Surfaces, Vulnerability Identification, Payload, Software Flaw, Coding Flaw, Vulnerability Patching, Exploit kit, botnet, command & control center, attack surfaces, Malicious code, Advanced attack.