Stealthy Server-Side Attacks Using Benign Websites and a Fail-Free Dynamic State Machine

The presence of server-side malware poses a significant risk to a large number of clients who access the compromised server. In this research, we propose a Stealthy-Attack on the server-side that can withstand forensic analysis such as reverse-engineering. Our attack can be triggered by ordinary contents from legitimate and benign websites to avoid detection and misdirect investigators. To expand the input-output space and make reverse-engineering challenging, our attack uses a specialized state-machine that accepts any inputs and produces output accordingly. We created a prototype of Stealthy-Attack and conducted an empirical evaluation on the attack, which demonstrates that it poses significant obstacles to forensic analysis.