Stealthy Server-Side Attacks Using Benign Websites and a Fail-Free Dynamic State Machine

Author: ORCID: orcid.org/0000-0002-5241-9167
Lee, Bora, Computer Science - School of Engineering and Applied Science, University of Virginia
Advisor:
Kwon, Yonghwi, EN-Comp Science Dept, University of Virginia
Abstract:

The presence of server-side malware poses a significant risk to the large number of clients who access the compromised server. In this research, we propose Stealthy-Attack, a server-side attack that can withstand forensic analysis such as reverse engineering. Our attack can be triggered by ordinary content from legitimate and benign websites to avoid detection and misdirect investigators. To expand the input-output space and make reverse engineering challenging, our attack uses a specialized state machine that accepts any input and produces output accordingly. We created a prototype of Stealthy-Attack and conducted an empirical evaluation of the attack, which demonstrates that it poses significant obstacles to forensic analysis.

Degree:
MS (Master of Science)
Keywords:
server-side malware, malware analysis, dynamic state machine
Language:
English
Issued Date:
2023/04/24