A4 Refereed article in a conference publication

Internal Interface Diversification with Multiple Fake Interfaces




Authors: Rauti Sampsa, Leppänen Ville

Editors: Rajveer Singh Shekhawat et al.

Conference name: International Conference on Security of Information and Networks

Publishing place: New York, NY

Publication year: 2017

Book title: SIN '17 Proceedings of the 10th International Conference on Security of Information and Networks

Series title: ACM International Conference Proceedings Series

First page: 245

Last page: 250

Number of pages: 6

ISBN: 978-1-4503-5303-8

DOI: https://doi.org/10.1145/3136825.3136900

Self-archived copy's web address: https://research.utu.fi/converis/portal/detail/Publication/28651179


Abstract

Malware uses knowledge of well-known interfaces to achieve
its goals. However, if we uniquely diversify these interfaces
in each system, the malware no longer knows the "language"
of a specific system and it becomes much more difficult for
malicious programs to operate. This paper extends the idea
of interface diversification by presenting a scheme where a
fake original interface and multiple other fake interfaces are
provided along with the valid interface in order to log the
suspicious activity in the system and possibly deceive malware
by initiating fallacious interaction with it. We also
present a proof-of-concept implementation of this scheme in
a Linux environment and conduct experiments with it.


Downloadable publication

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.





Last updated on 2024-26-11 at 21:56