A4 Peer-reviewed article in conference proceedings
Internal Interface Diversification with Multiple Fake Interfaces
Authors: Rauti Sampsa, Leppänen Ville
Editor: Rajveer Singh Shekhawat et al.
Established conference name: International Conference on Security of Information and Networks
Place of publication: New York, NY
Publication year: 2017
Title of the host publication: SIN '17 Proceedings of the 10th International Conference on Security of Information and Networks
Series name: ACM International Conference Proceedings Series
First page: 245
Last page: 250
Number of pages: 6
ISBN: 978-1-4503-5303-8
DOI: https://doi.org/10.1145/3136825.3136900
Address of the self-archived copy: https://research.utu.fi/converis/portal/detail/Publication/28651179
Malware uses knowledge of well-known interfaces to achieve its goals. However, if we uniquely diversify these interfaces in each system, the malware no longer knows the "language" of a specific system and it becomes much more difficult for malicious programs to operate. This paper extends the idea of interface diversification by presenting a scheme where a fake original interface and multiple other fake interfaces are provided along with the valid interface in order to log the suspicious activity in the system and possibly deceive malware by initiating fallacious interaction with it. We also present a proof-of-concept implementation of this scheme in a Linux environment and conduct experiments with it.
Downloadable publication: This is an electronic reprint of the original article.