A Functional Model and Analysis of Next Generation Malware Attacks and Defenses

Calton Pu; Qingyang Wang; Yasuhiko Kanemasa; Rodrigo Alves Lima; Joshua Kimball; Shungeng Zhang; Jianshu Liu; Xuhang Gu

doi:10.1109/TPSISA52974.2021.00023

A Functional Model and Analysis of Next Generation Malware Attacks and Defenses

Calton Pu, Qingyang Wang, Yasuhiko Kanemasa, Rodrigo Alves Lima, Joshua Kimball, Shungeng Zhang, Jianshu Liu, Xuhang Gu

Computer & Cyber Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recent ransomware attacks (e.g., Colonial and JBS) caused significant social and economic impact due to their ability to shut down entire businesses. A functional model divides next-generation malware (NG-malware) attacks into 3 stages: Penetration (to gain a foothold), Propagation (to gain full control of target system), and a variety of Exploitation methods. The functional model shows that many attack methods and tools can be flexibly combined to bypass implementation-specific defenses at each stage, with the most important defense battleground being the prevention of NG-malware gaining full control of target system. Given the potential for further evolution of MG-malware, e.g., obfuscation of lateral movement jobs to increase both the speed and stealth of Propagation, it is crucial for the defense to develop effective defenses to detect NG-malware Propagation before ceding full control. An experimental platform that enables detailed evaluation of new NG-malware attacks and defenses is an effective tool in the battle for full control.

Original language	English (US)
Title of host publication	Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	197-206
Number of pages	10
ISBN (Electronic)	9781665416238
DOIs	https://doi.org/10.1109/TPSISA52974.2021.00023
State	Published - 2021
Event	3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021 - Virtual, Online, United States Duration: Dec 13 2021 → Dec 15 2021

Publication series

Name	Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021

Conference

Conference	3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021
Country/Territory	United States
City	Virtual, Online
Period	12/13/21 → 12/15/21

Keywords

insider attack
malware
millibottleneck
obfuscation
ransomware

ASJC Scopus subject areas

Artificial Intelligence
Information Systems
Information Systems and Management
Safety, Risk, Reliability and Quality
Computer Networks and Communications

Access to Document

10.1109/TPSISA52974.2021.00023

Cite this

Pu, C., Wang, Q., Kanemasa, Y., Alves Lima, R., Kimball, J., Zhang, S., Liu, J., & Gu, X. (2021). A Functional Model and Analysis of Next Generation Malware Attacks and Defenses. In Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021 (pp. 197-206). (Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/TPSISA52974.2021.00023

A Functional Model and Analysis of Next Generation Malware Attacks and Defenses. / Pu, Calton; Wang, Qingyang; Kanemasa, Yasuhiko et al.
Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 197-206 (Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Pu, C, Wang, Q, Kanemasa, Y, Alves Lima, R, Kimball, J, Zhang, S, Liu, J & Gu, X 2021, A Functional Model and Analysis of Next Generation Malware Attacks and Defenses. in Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021. Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021, Institute of Electrical and Electronics Engineers Inc., pp. 197-206, 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021, Virtual, Online, United States, 12/13/21. https://doi.org/10.1109/TPSISA52974.2021.00023

Pu C, Wang Q, Kanemasa Y, Alves Lima R, Kimball J, Zhang S et al. A Functional Model and Analysis of Next Generation Malware Attacks and Defenses. In Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 197-206. (Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021). doi: 10.1109/TPSISA52974.2021.00023

Pu, Calton ; Wang, Qingyang ; Kanemasa, Yasuhiko et al. / A Functional Model and Analysis of Next Generation Malware Attacks and Defenses. Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 197-206 (Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021).

@inproceedings{1d599c5c43c640209774fb0e09b5f19e,

title = "A Functional Model and Analysis of Next Generation Malware Attacks and Defenses",

abstract = "Recent ransomware attacks (e.g., Colonial and JBS) caused significant social and economic impact due to their ability to shut down entire businesses. A functional model divides next-generation malware (NG-malware) attacks into 3 stages: Penetration (to gain a foothold), Propagation (to gain full control of target system), and a variety of Exploitation methods. The functional model shows that many attack methods and tools can be flexibly combined to bypass implementation-specific defenses at each stage, with the most important defense battleground being the prevention of NG-malware gaining full control of target system. Given the potential for further evolution of MG-malware, e.g., obfuscation of lateral movement jobs to increase both the speed and stealth of Propagation, it is crucial for the defense to develop effective defenses to detect NG-malware Propagation before ceding full control. An experimental platform that enables detailed evaluation of new NG-malware attacks and defenses is an effective tool in the battle for full control.",

keywords = "insider attack, malware, millibottleneck, obfuscation, ransomware",

author = "Calton Pu and Qingyang Wang and Yasuhiko Kanemasa and {Alves Lima}, Rodrigo and Joshua Kimball and Shungeng Zhang and Jianshu Liu and Xuhang Gu",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021 ; Conference date: 13-12-2021 Through 15-12-2021",

year = "2021",

doi = "10.1109/TPSISA52974.2021.00023",

language = "English (US)",

series = "Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "197--206",

booktitle = "Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021",

}

TY - GEN

T1 - A Functional Model and Analysis of Next Generation Malware Attacks and Defenses

AU - Pu, Calton

AU - Wang, Qingyang

AU - Kanemasa, Yasuhiko

AU - Alves Lima, Rodrigo

AU - Kimball, Joshua

AU - Zhang, Shungeng

AU - Liu, Jianshu

AU - Gu, Xuhang

PY - 2021

Y1 - 2021

N2 - Recent ransomware attacks (e.g., Colonial and JBS) caused significant social and economic impact due to their ability to shut down entire businesses. A functional model divides next-generation malware (NG-malware) attacks into 3 stages: Penetration (to gain a foothold), Propagation (to gain full control of target system), and a variety of Exploitation methods. The functional model shows that many attack methods and tools can be flexibly combined to bypass implementation-specific defenses at each stage, with the most important defense battleground being the prevention of NG-malware gaining full control of target system. Given the potential for further evolution of MG-malware, e.g., obfuscation of lateral movement jobs to increase both the speed and stealth of Propagation, it is crucial for the defense to develop effective defenses to detect NG-malware Propagation before ceding full control. An experimental platform that enables detailed evaluation of new NG-malware attacks and defenses is an effective tool in the battle for full control.

AB - Recent ransomware attacks (e.g., Colonial and JBS) caused significant social and economic impact due to their ability to shut down entire businesses. A functional model divides next-generation malware (NG-malware) attacks into 3 stages: Penetration (to gain a foothold), Propagation (to gain full control of target system), and a variety of Exploitation methods. The functional model shows that many attack methods and tools can be flexibly combined to bypass implementation-specific defenses at each stage, with the most important defense battleground being the prevention of NG-malware gaining full control of target system. Given the potential for further evolution of MG-malware, e.g., obfuscation of lateral movement jobs to increase both the speed and stealth of Propagation, it is crucial for the defense to develop effective defenses to detect NG-malware Propagation before ceding full control. An experimental platform that enables detailed evaluation of new NG-malware attacks and defenses is an effective tool in the battle for full control.

KW - insider attack

KW - malware

KW - millibottleneck

KW - obfuscation

KW - ransomware

UR - http://www.scopus.com/inward/record.url?scp=85128714035&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85128714035&partnerID=8YFLogxK

U2 - 10.1109/TPSISA52974.2021.00023

DO - 10.1109/TPSISA52974.2021.00023

M3 - Conference contribution

AN - SCOPUS:85128714035

T3 - Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021

SP - 197

EP - 206

BT - Proceedings - 2021 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 3rd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2021

Y2 - 13 December 2021 through 15 December 2021

ER -

A Functional Model and Analysis of Next Generation Malware Attacks and Defenses

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this