Refine
H-BRS Bibliography
- no (34)
Departments, institutes and facilities
Document Type
- Conference Object (25)
- Article (7)
- Book (monograph, edited volume) (1)
- Doctoral Thesis (1)
Year of publication
Has Fulltext
- no (34)
Keywords
- Host-Based Code Injection Attacks (2)
- Malware (2)
- Malware analysis (2)
- Memory forensics (2)
- Mobility modeling (2)
- Analysis (1)
- Attacks and Attack Implementations (1)
- Black Hole (1)
- Botnet tracking (1)
- Botnets (1)
Multi-hop Netze sind seit vielen Jahren Forschungsthema. Seit einigen Jahren gibt es auch erste Realisierungen solcher Netze. Sie ermöglichen es, ohne feste Infrastruktur sich selbst organisierende Netze zu realisieren. Dies macht sie für vielfältige zivile wie taktische Szenarien interessant. In der vorliegenden Arbeit liegt der Fokus auf taktischen Szenarien, wie Szenarien der öffentlichen Sicherheit, militärischen oder Katastrophenszenarien. In solchen Szenarien kann für die Kommunikation auf der letzten Meile nicht von existierender Kommunikationsinfrastruktur ausgegangen werden. Taktische multi-hop Netze stellen eine Möglichkeit dar, die Kommunikation auf der letzen Meile trotzdem zu realisieren.
Recent years have seen extensive adoption of domain generation algorithms (DGA) by modern botnets. The main goal is to generate a large number of domain names and then use a small subset for actual C&C communication. This makes DGAs very compelling for botmasters to harden the infrastructure of their botnets and make it resilient to blacklisting and attacks such as takedown efforts. While early DGAs were used as a backup communication mechanism, several new botnets use them as their primary communication method, making it extremely important to study DGAs in detail.
In this paper, we perform a comprehensive measurement study of the DGA landscape by analyzing 43 DGAbased malware families and variants. We also present a taxonomy for DGAs and use it to characterize and compare the properties of the studied families. By reimplementing the algorithms, we pre-compute all possible domains they generate, covering the majority of known and active DGAs. Then, we study the registration status of over 18 million DGA domains and show that corresponding malware families and related campaigns can be reliably identified by pre-computing future DGA domains. We also give insights into botmasters’ strategies regarding domain registration and identify several pitfalls in previous takedown efforts of DGA-based botnets. We will share the dataset for future research and will also provide a web service to check domains for potential DGA identity.
Malware is responsible for massive economic damage. Being the preferred tool for digital crime, botnets are becoming increasingly sophisticated, using more and more resilient, distributed infrastructures based on peer-to-peer (P2P) protocols. On the other side, current investigation techniques for malware and botnets on a technical level are time-consuming and highly complex. Fraunhofer FKIE is addressing this problem, researching new ways of intelligent process automation and information management for malware analysis in order to minimize the time needed to investigate these threats.
Today’s computer systems face a vast array of severe threats that are posed by automated attacks performed by malicious software as well as manual attacks by individual humans. These attacks not only differ in their technical implementation but may also be location-dependent. Consequentially, it is necessary to join the information from heterogeneous and distributed attack sensors in order to acquire comprehensive information on current ongoing cyber attacks.
The usage of link quality based routing metrics significantly improves the quality of the chosen paths and by that the performance of the network. But, attackers may try to exploit link qualities for their purposes. Especially in tactical multi-hop networks, routing may fall prey to an attacker. Such routing attacks are a serious threat to communication. TOGBAD is a centralised approach, using topology graphs to detect routing attacks. In this paper, we enhance TOGBAD with the capability to detect fake link qualities. We use a Challenge/Response method to estimate the link qualities in the network. Based on this, we perform plausibility checks for the link qualities propagated by the nodes in the network. Furthermore, we study the impact of attackers propagating fake link qualities and present simulation results showing TOGBAD's detection rate.
Botnets
(2013)
Malware poses one of the major threats to all currently operated computer systems. The scale of the problem becomes obvious by looking at the global economic loss caused by different kinds of malware, which is estimated to be more than US$ 10 billion every year. Botnets, a special kind of malware, are used to reap economic gains by criminals as well as for politically motivated activities. In contrast to other kinds of malware, botnets utilize a hidden communication channel to receive commands from their operator and communicate their current status. The ability to execute almost arbitrary commands on the infected machines makes botnets a general-purpose tool to perform malicious cyber-activities. (Verlagsangaben)
Routing Attacks are a serious threat to communication in tactical MANETs. TOGBAD is a centralised approach, using topology graphs to detect such attacks. In this paper, we present TOGBAD's newly added wormhole detection capability. It is an adaptation of a wormhole detection method developed by Hu et al. This method is based on nodes' positions. We adapted it to the specific properties of tactical environments. Furthermore, we present simulation results which show TOGBAD's performance regarding the detection of wormhole attacks.