Fighting fire with fire – a Pre-emptive approach to restore control over IT assets from malware infection
Pan, J.Y. (2012) Fighting fire with fire – a Pre-emptive approach to restore control over IT assets from malware infection. Professional Doctorate thesis, Murdoch University.
Malware is a major threat because it exposes infected organizations to multiple risks. Current Anti-Malware solutions, which are meant to keep Malware out, struggle to keep those risks at bay effectively. When Malware manages to penetrate an organization's defences, the Malware must be contained effectively and control over the organization's IT assets retained before the risk escalates. Malware Remediation is the activity intended to contain the effects of a Malware infiltration or outbreak. However, Incident Responders face several challenges in containing the malice. The first is the logistics of coordinating a distributed and timely containment. The second is the need for an effective technique to render the Malware defunct, since Malware is able to overcome conventional countermeasures. The third is how to maintain the effectiveness of the containment tools in the face of self-preservation attacks by the Malware. This research study evaluates the use of Malware techniques to address these three challenges as part of Malware Remediation, in order to restore control over the IT assets to the organization.
In this thesis, the first proposition, addressing the challenge of coordinating a distributed incident response plan, is to use the distributed and coordinated characteristics of a command-and-control botnet. To validate this proposition, an agent-based simulation model was developed to show that a good (non-malicious) botnet, with its distributed and coordinated containment approach, contains Malware faster and reduces the effects of a Malware outbreak compared with conventional manual containment techniques. The proposed solution to the second challenge is to use the offensive techniques employed by Malware to render the targeted Malware defunct. This is evaluated through three experiments using three different offensive techniques against live Malware. One of the three experiments involved smartphone Malware, as this form of Malware has become increasingly prevalent in recent times. All three experiments showed that offensive techniques could effectively render the targeted Malware defunct on the infected devices. The proposition for the final challenge is to adopt Malware-resilient designs: the designs Malware itself uses to protect against Anti-Malware solutions and against attempts to disable it. This proposal is evaluated by conducting three experiments in which a custom-developed application incorporating Malware-resilience designs was attacked using Malware offensive techniques. All three experiments demonstrated that Malware-resilient designs could help Malware Remediation tool developers and Anti-Malware solution developers protect their products against the self-preservation attacks of Malware.
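The first proposition rests on an agent-based simulation comparing a coordinated, agent-driven containment with sequential manual containment. The following is an added toy model written for this page, not the thesis's own simulation: it abstracts worm propagation as a ring of hosts in which every infected host infects its two neighbours each tick, and contrasts a response team that can visit at most `team_capacity` hosts per tick with a fleet-wide containment agent that cleans every infected host in the same tick a single command is broadcast. Host count, detection delay, team capacity and the ring topology are all constructed assumptions chosen to make the comparison reproducible.

```python
"""Toy agent-based comparison of manual vs. coordinated malware containment.

Constructed illustration: a ring of hosts, deterministic neighbour-to-neighbour
spread, and a fixed detection delay before any response starts.
"""
from dataclasses import dataclass

SUSCEPTIBLE, INFECTED, CLEANED = "S", "I", "C"


@dataclass(frozen=True)
class Outcome:
    ticks_to_contain: int     # tick at which no infected host remains
    peak_infected: int        # largest infected population observed after response
    infected_host_ticks: int  # sum of infected hosts over all ticks (exposure)


def spread(states):
    """One propagation step: each infected host infects its two ring neighbours
    if they are still susceptible (cleaned hosts are assumed patched/immune)."""
    n = len(states)
    nxt = list(states)
    for i, s in enumerate(states):
        if s == INFECTED:
            for j in ((i - 1) % n, (i + 1) % n):
                if states[j] == SUSCEPTIBLE:
                    nxt[j] = INFECTED
    return nxt


def simulate(n_hosts, detection_delay, strategy, team_capacity=2, max_ticks=500):
    """Run an outbreak from one infected host and apply the chosen containment
    strategy from `detection_delay` onwards. Returns an Outcome."""
    states = [SUSCEPTIBLE] * n_hosts
    states[0] = INFECTED
    peak, exposure = 1, 0
    for tick in range(1, max_ticks + 1):
        states = spread(states)
        if tick >= detection_delay:
            infected = [i for i, s in enumerate(states) if s == INFECTED]
            if strategy == "coordinated":
                # Every host runs a containment agent; one broadcast command
                # cleans all currently infected hosts within the same tick.
                for i in infected:
                    states[i] = CLEANED
            elif strategy == "manual":
                # Responders work through hosts sequentially, at most
                # `team_capacity` per tick, while the outbreak keeps spreading.
                for i in infected[:team_capacity]:
                    states[i] = CLEANED
            else:
                raise ValueError(f"unknown strategy {strategy!r}")
        count = states.count(INFECTED)
        peak = max(peak, count)
        exposure += count
        if count == 0:
            return Outcome(tick, peak, exposure)
    raise RuntimeError("outbreak not contained within max_ticks")


def compare(n_hosts=40, detection_delay=5, team_capacity=2):
    """Return both outcomes side by side for the same outbreak parameters."""
    return {
        "manual": simulate(n_hosts, detection_delay, "manual", team_capacity),
        "coordinated": simulate(n_hosts, detection_delay, "coordinated"),
    }


if __name__ == "__main__":
    for name, outcome in compare().items():
        print(f"{name:>12}: {outcome}")
```

The value of the model is in the shape of the result rather than the numbers: with the same detection delay, the coordinated strategy ends the outbreak at the tick the command is issued, while the manual team is racing a propagation front that adds hosts as fast as it can clean them, so both containment time and cumulative exposure grow with the size of the fleet.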
To facilitate the adoption of the three research proposals by Incident Responders, the last proposition in this thesis is to package the knowledge of using Malware techniques for Malware Remediation into Malware Remediation patterns. These patterns use a pattern template derived from common security pedagogical patterns. Sample Malware-like Malware Remediation patterns are included in the thesis. The thesis concludes with a consideration of future research directions for each of the research proposals presented in the study.
Publication Type: Thesis (Professional Doctorate)
Murdoch Affiliation: School of Information Technology
Supervisor: Fung, Lance and Wong, Kevin