TY - GEN
T1 - A Functional Model and Analysis of Next Generation Malware Attacks and Defenses
AU - Pu, Calton
AU - Wang, Qingyang
AU - Kanemasa, Yasuhiko
AU - Alves Lima, Rodrigo
AU - Kimball, Joshua
AU - Zhang, Shungeng
AU - Liu, Jianshu
AU - Gu, Xuhang
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - Recent ransomware attacks (e.g., Colonial and JBS) caused significant social and economic impact due to their ability to shut down entire businesses. A functional model divides next-generation malware (NG-malware) attacks into 3 stages: Penetration (to gain a foothold), Propagation (to gain full control of the target system), and a variety of Exploitation methods. The functional model shows that many attack methods and tools can be flexibly combined to bypass implementation-specific defenses at each stage, with the most important defense battleground being the prevention of NG-malware gaining full control of the target system. Given the potential for further evolution of NG-malware, e.g., obfuscation of lateral movement jobs to increase both the speed and stealth of Propagation, it is crucial for defenders to develop effective defenses that detect NG-malware Propagation before ceding full control. An experimental platform that enables detailed evaluation of new NG-malware attacks and defenses is an effective tool in the battle for full control.
AB - Recent ransomware attacks (e.g., Colonial and JBS) caused significant social and economic impact due to their ability to shut down entire businesses. A functional model divides next-generation malware (NG-malware) attacks into 3 stages: Penetration (to gain a foothold), Propagation (to gain full control of the target system), and a variety of Exploitation methods. The functional model shows that many attack methods and tools can be flexibly combined to bypass implementation-specific defenses at each stage, with the most important defense battleground being the prevention of NG-malware gaining full control of the target system. Given the potential for further evolution of NG-malware, e.g., obfuscation of lateral movement jobs to increase both the speed and stealth of Propagation, it is crucial for defenders to develop effective defenses that detect NG-malware Propagation before ceding full control. An experimental platform that enables detailed evaluation of new NG-malware attacks and defenses is an effective tool in the battle for full control.
KW - insider attack
KW - malware
KW - millibottleneck
KW - obfuscation
KW - ransomware
UR - http://www.scopus.com/inward/record.url?scp=85128714035&partnerID=8YFLogxK
UR - https://doi.org/10.1109/TPSISA52974.2021.00023
U2 - 10.1109/TPSISA52974.2021.00023
DO - 10.1109/TPSISA52974.2021.00023
M3 - Conference contribution
AN - SCOPUS:85128714035
T3 - Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021
SP - 197
EP - 206
BT - Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021
Y2 - 13 December 2021 through 15 December 2021
ER -