Stealthy Server-Side Attacks Using Benign Websites and a Fail-Free Dynamic State Machine

Author:
Lee, Bora, Computer Science - School of Engineering and Applied Science, University of Virginia
Kwon, Yonghwi, EN-Comp Science Dept, University of Virginia

The presence of server-side malware poses a significant risk to the large number of clients who access the compromised server. In this research, we propose Stealthy-Attack, a server-side attack that can withstand forensic analysis such as reverse-engineering. Our attack can be triggered by ordinary content from legitimate and benign websites to avoid detection and misdirect investigators. To expand the input-output space and make reverse-engineering challenging, our attack uses a specialized state machine that accepts any input and produces output accordingly. We created a prototype of Stealthy-Attack and conducted an empirical evaluation of the attack, which demonstrates that it poses significant obstacles to forensic analysis.

MS (Master of Science)
server-side malware, malware analysis, dynamic state machine
Issued Date: