THE USE OF INTERFACE DIVERSIFICATION IN MALICIOUS SOFTWARE

Yıl 2024, Cilt: 7 Sayı: 1, 35 - 53, 29.08.2024

Nasrullah Frotan , Rıfat Yazıcı

https://doi.org/10.56809/icujtas.1410198

Öz

This article provides real-world examples of vulnerabilities and exploits that can be renewed with diversification to demonstrate the effectiveness of internal interface diversification. Interface diversification has helped prevent many exploits and vulnerabilities of malware. It has also helped reduce the threat of large-scale cyberattacks and has not been shown to create overhead on devices with limited resources. Interface diversification can be implemented with simple operations and does not have a negative impact on performance. The internal interface diversification makes it difficult for malicious programs to run even on devices that do not receive updates. It also blocks attacks such as bot networks and prevents them from spreading. However, it may not be effective against some types of attacks and may be a difficult method to implement.

Anahtar Kelimeler

interface diversification, malware, cybersecurity, IoT, detecting and blocking malware

ARAYÜZ ÇEŞİTLENDİRMESİNİN KÖTÜ AMAÇLI YAZILIMLARDA KULLANIM DURUMU

Öz

Bu makale, dahili arayüz çeşitlendirmesinin etkinliğini göstermek amacıyla çeşitlendirme ile yenilenebilen güvenlik açıkları ve suistimallerin gerçek dünya örneklerini sunmaktadır. Arayüz çeşitlendirmesi, kötü amaçlı yazılımların birçok istismarı ve güvenlik açığı önlemeye yardımcı olmuştur. Ayrıca, büyük ölçekli siber saldırı tehdidini azaltmaya yardımcı olmuş ve kaynakları sınırlı olan cihazlarda ek yük oluşturmadığı görülmüştür. Arayüz çeşitlendirmesi basit işlemlerle uygulanabilir ve performans üzerinde olumsuz bir etkisi yoktur. Dahili arayüz çeşitlendirmesi, güncellemeler alamayan cihazlarda bile zararlı programların çalışmasını zorlaştırmaktadır. Ayrıca, bot ağları gibi saldırıları engellemekte ve yayılmasını önlemektedir. Bununla birlikte, bazı saldırı türlerine karşı etkili olmayabilir ve uygulaması zor bir yöntem olabilir.

Anahtar Kelimeler

arayüz çeşitlendirmesi, kötü amaçlı yazılımlar, siber güvenlik, IoT, kötü amaçlı yazımların tespiti ve engellenmesi

Kaynakça

• Acharya, J., Chaudhary, A., Chhabria, A., & Jangale, S. (2021, May). Detecting malware, malicious URLs and virus using machine learning and signature matching. In 2021 2nd International Conference for Emerging Technology (INCET) (pp. 1-5). IEEE.
• Alsmadi, T., & Alqudah, N. (2021, July). A Survey on malware detection techniques. In 2021 International Conference on Information Technology (ICIT) (pp. 371-376). IEEE.
• Amadeo, R. (2017). Google’snew “Android Things” OS hopestosolveawfulIoTsecurity. ArsTechnica 2016. Available online: https://arstechnica.com/gadgets/2016/12/google-brillo-rebrands-as-android-thingsgoogles-internet-of-things-os/ (accessed on 15 December 2017)
• Atasever, S., Özçelik, İ., & SAĞIROĞLU, Ş. (2019). Siber Terör ve DDoS. Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi, 23(1), 238-244.
• Aycock, J. (2006). Computer viruses and malware (Vol. 22). Springer Science & Business Media.
• Aziz, A., Jawaid, A. B., & Khan, H. R. (2021). Inclination of Computer Virus and Anti-Virus Techniques A Short Survey. ILMA Journal of Technology & Software Management (IJTSM), 2(1).
• Bazrafshan, Z., Hashemi, H., Fard, S. M. H., & Hamzeh, A. (2013, May). A survey on heuristic malware detection techniques. In The 5th Conference on Information and Knowledge Technology (pp. 113-120). IEEE.
• Caruso, R. D. (2003). Personal computer security: Part 1. Firewalls, antivirus software, and Internet security suites. Radiographics, 23(5), 1329-1337.
• Chakravarty, A. K., Raj, A., Paul, S., & Apoorva, S. (2019). A study of signature-based and behaviour-based malware detection approaches. Int. J. Adv. Res. Ideas Innov. Technol., 5(3), 1509-1511.
• Cohen, F. (1987). Computer viruses: theory and experiments. Computers & security, 6(1), 22-35.
• Cooper Jr, A. B., Hall, J., Mundhenk, D., & Rothke, B. (2023). Protect All Systems and Networks from Malicious Software. In The Definitive Guide to PCI DSS Version 4: Documentation, Compliance, and Management (pp. 73-80). Berkeley, CA: Apress.
• Çalık Bayazıt, E. (2023). Android sistemlerde derin öğrenme tabanlı kötü amaçlı yazılım tespit sistemi.
• Çelik, S., & Çeliktaş, B. (2021). Güncel Siber Güvenlik Tehditleri: Fidye Yazılımlar. CyberPolitik Journal, 3(5), 105-132.
• Felt, A. P., Finifter, M., Chin, E., Hanna, S., & Wagner, D. (2011, October). A survey of mobile malware in the wild. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (pp. 3-14).
• Gnatyuk, S., Satybaldiyeva, F., Sydorenko, V., Zhyharevych, O., & Polozhentsev, A. (2023) Model of Information Technology for Efficient Data Processing in Cloud-based Malware Detection Systems of Critical Information Infrastructure.
• Gobbo, J. (2023). Analysis and implementation of Software Similarity metrics.
• Gordon, J. (2004, May). Lessons from virus developers: The Beagle worm history through April 24, 2004. In SecurityFocus Guest Feature Forum.
• Govindaraju, A. (2010). Exhaustive statistical analysis for detection of metamorphic malware.
• Griffin, K., Schneider, S., Hu, X., & Chiueh, T. C. (2009, September). Automatic Generation of String Signatures for Malware Detection. In RAID (Vol. 5758, pp. 101-120).
• Gutmann, P. (2007). The commercial malware industry. In DEFCON conference.
• Jacob, G., Debar, H., & Filiol, E. (2008). Behavioral detection of malware: from a survey towards an established taxonomy. Journal in computer Virology, 4, 251-266.
• Kabay, M. E. (2012). History of computer crime. Computer security handbook, 2-1.
• Kerrisk, M. (2010). The Linux programming interface: a Linux and UNIX system programming handbook. No Starch Press.
• Konstantinou, E., & Wolthusen, S. (2008). Metamorphic virus: Analysis and detection. Royal Holloway University of London, 15, 15.
• Kuriyal, V., Bordoloi, D., Singh, D. P., & Tripathi, V. (2022, November). Metamorphic and polymorphic malware detection and classification using dynamic analysis of API calls. In AIP Conference Proceedings (Vol. 2481, No. 1). AIP Publishing.
• Li, C., Chen, X., Wang, D., Wen, S., Ahmed, M. E., Camtepe, S., & Xiang, Y. (2021). Backdoor attack on machine learning based android malware detectors. IEEE Transactions on Dependable and Secure Computing, 19(5), 3357-3370.
• Li, Z., Rios, A. L. G., & Trajković, L. (2020, October). Detecting internet worms, ransomware, and blackouts using recurrent neural networks. In 2020 IEEE International Conference on Systems, Man, and Cybernetics (SMC) (pp. 2165-2172). IEEE.
• Liao, Q. (2008). Ransomware: a growing threat to SMEs. In Conference Southwest Decision Science Institutes (pp. 1-7). USA: Southwest Decision Science Institutes.
• Liu, Z., Chen, C., Zhang, L. Y., & Gao, S. (2022, September). Working mechanism of Eternalblue and its application in ransomworm. In International Symposium on Cyberspace Safety and Security (pp. 178-191). Cham: Springer International Publishing.
• Mäki, P., Rauti, S., Hosseinzadeh, S., Koivunen, L., & Leppänen, V. (2016, December). Interface diversification in IoT operating systems. In Proceedings of the 9th International Conference on Utility and Cloud Computing (pp. 304-309).
• Maniriho, P., Mahmood, A. N., & Chowdhury, M. J. M. (2022). A study on malicious software behaviour analysis and detection techniques: Taxonomy, current trends and challenges. Future Generation Computer Systems, 130, 1-18.
• McGraw, G., & Morrisett, G. (2000). Attacking malicious code: A report to the infosec research council. IEEE software, 17(5), 33-41.
• Miles, C. (2012). Early History of the Computer Virus. Prof. Dasgupta’s History of Computer Science The Center for Advanced Computer Studies University of Louisiana, 1-8.
• Nair, V. P., Jain, H., Golecha, Y. K., Gaur, M. S., & Laxmi, V. (2010, September). Medusa: Metamorphic malware dynamic analysis usingsignature from api. In Proceedings of the 3rd International Conference on Security of Information and Networks (pp. 263-269).
• Pektaş, A. (2012). Behavior based malicious software detection and classification (Master's thesis, Fen Bilimleri Enstitüsü).
• Quinn, K. (2020). Cybersecurity a simple beginner’s guide to cybersecurity, computer networks and protecting oneself from hacking in the form of phishing, Malware, Ransomware, and Social Engineering, New York.
• Rad, B. B., Masrom, M., & Ibrahim, S. (2012, September). Opcodes histogram for classifying metamorphic portable executables malware. In 2012 International Conference on e-Learning and e-Technologies in Education (ICEEE) (pp. 209-213). IEEE.
• Rauti, S., & Leppänen, V. (2017, October). Internal interface diversification with multiple fake interfaces. In Proceedings of the 10th International Conference on Security of Information and Networks (pp. 245-250).
• Rauti, S., Koivunen, L., Mäki, P., Hosseinzadeh, S., Laurén, S., Holvitie, J., & Leppänen, V. (2018). Internal interface diversification as a security measure in sensor networks. Journal of Sensor and Actuator Networks, 7(1), 12.
• Rehman, Z., Gondal, I., Ge, M., Dong, H., Gregory, M. ve Tari, Z. (2024). Proaktif savunma mekanizması: Çeşitliliğe dayalı hareketli hedef savunması ve siber aldatma yoluyla IoT güvenliğini artırma. Bilgisayarlar ve Güvenlik , 139 , 103685.
• Rodriguez, RJ, Gaston, IR ve Alonso, J. (2016). İzolasyona duyarlı kötü amaçlı yazılımların tespitine yönelik. IEEE Latin Amerika İşlemleri , 14 (2), 1024-1036.
• Schmidt, A. D., Bye, R., Schmidt, H. G., Clausen, J., Kiraz, O., Yuksel, K. A., ... & Albayrak, S. (2009, June). Static analysis of executables for collaborative malware detection on android. In 2009 IEEE International Conference on Communications (pp. 1-5). IEEE.
• Seraj, S., Pavlidis, M., Trovati, M., & Polatidis, N. (2023). MadDroid: malicious adware detection in Android using deep learning. Journal of Cyber Security Technology, 1-28.
• Sharma, A., & Sahay, S. K. (2014). Evolution and detection of polymorphic and metamorphic malwares: A survey. arXiv preprint arXiv:1406.7061.
• Shelby, Z., & Bormann, C. (2011). 6LoWPAN: The wireless embedded Internet. John Wiley & Sons.
• Shelby, Z.; Hartke, K.; Bormann, C. (2014). TheConstrained Application Protocol (CoAP); Internet EngineeringTask Force (IETF): Fremont, CA, USA.
• Shi, C., Peng, J., Zhu, S. ve Ren, X. (2023, Aralık). Pasif Savunmadan Proaktif Savunmaya: Stratejiler ve Teknolojiler. Uluslararası Yapay Zeka Güvenliği ve Gizliliği Konferansında ( s. 190-205). Singapur: Springer Nature Singapur.
• Song, S., Kim, B., & Lee, S. (2016). The effective ransomware prevention technique using process monitoring on android platform. Mobile Information Systems.
• Talukder, S. (2020). Kötü amaçlı yazılım tespiti ve analizine yönelik araçlar ve teknikler. arXiv ön baskı arXiv:2002.06819 .
• Tran, N. P., & Lee, M. (2013, June). High performance string matching for security applications. In International Conference on ICT for Smart Society (pp. 1-5). IEEE.
• Uitto, J., Rauti, S., & Leppänen, V. (2016, April). Practical implications and requirements of diversifying interpreted languages. In Proceedings of the 11th Annual Cyber and Information Security Research Conference (pp. 1-4).
• Van Heerden, R., Von Solms, S., & Vorster, J. (2018, May). Major security incidents since 2014: An African perspective. In 2018 IST-Africa Week Conference (IST-Africa) (pp. Page-1). IEEE.
• Vasudevan, A., & Yerraballi, R. (2006, January). Spike: engineering malware analysis tools using unobtrusive binary-instrumentation. In Proceedings of the 29th Australasian Computer Science Conference-Volume 48 (pp. 311-320).
• Wong, W. (2006). Analysis and detection of metamorphic computer viruses.
• Yiğit, T., & Akyıldız, M. (2014). Sızma Testleri İçin Bir Model Ağ Üzerinde Siber Saldırı Senaryolarının Değerlendirilmesi. Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi, 18(1), 14-21.
• Yuryna Connolly, L., Wall, D. S., Lang, M., & Oddson, B. (2020). An empirical study of ransomware attacks on organizations: an assessment of severity and salient factors affecting vulnerability. Journal of Cybersecurity, 6(1), tyaa023.
• Zhou, Y., & Jiang, X. (2012, May). Dissecting android malware: Characterization and evolution. In 2012 IEEE symposium on security and privacy (pp. 95-109). IEEE.
• Zuo, Z. H., Zhu, Q. X., & Zhou, M. T. (2005). On the time complexity of computer viruses. IEEE Transactions on information theory, 51(8), 2962-2966.