Hydras and IPFS: a decentralised playground for malware

@article{Patsakis2019HydrasAI,
  title={Hydras and IPFS: a decentralised playground for malware},
  author={Constantinos Patsakis and Fran Casino},
  journal={International Journal of Information Security},
  year={2019},
  pages={1-13}
}
Modern malware can take various forms and has reached a very high level of sophistication in terms of its penetration, persistence, communication and hiding capabilities. The use of cryptography, and of covert communication channels over public and widely used protocols and services, is becoming a norm. In this work, we start by introducing Resource Identifier Generation Algorithms. These are an extension of a well-known mechanism called domain generation algorithms, which are frequently…
Encrypted and Covert DNS Queries for Botnets: Challenges and Countermeasures
TLDR
This work showcases that the DNS queries performed by a compromised device are transparent to the network administrator and therefore can be monitored, analysed, and blocked and demonstrates that the latter is a strong assumption as malware could efficiently hide its DNS queries using covert and/or encrypted channels bypassing the detection mechanisms.
Unravelling Ariadne’s Thread: Exploring the Threats of Decentralised DNS
TLDR
This work presents the emerging threat landscape of blockchain-based DNS and empirically validates the threats with real-world data, and explores a part of the blockchain DNS ecosystem in terms of the browser extensions using such technologies, the chain itself, the domains, and users who have been registered in these platforms.
Ransomware as a Service using Smart Contracts and IPFS
TLDR
This work demonstrates how distributed ledgers and the InterPlanetary File System can be used to launch a ransomware as a service campaign, and shows that criminals can transact with affiliates and victims without having to reveal their identity.
Immutability and Decentralized Storage: An Analysis of Emerging Threats
TLDR
Blockchain and the most widely used DFS systems are examined and their main challenges and opportunities are discussed, with special regard to their immutability and its impact on their GDPR compliance.
EvilModel: Hiding Malware Inside of Neural Network Models
  • Zhi Wang, Chaoge Liu, Xiang Cui
  • Computer Science
  • ArXiv
  • 2021
TLDR
A new method to covertly and evasively deliver malware through a neural network model, which shows that 36.9MB of malware can be embedded in a 178MB-AlexNet model within 1% accuracy loss, and no suspicion is raised by anti-virus engines in VirusTotal, which verifies the feasibility of this method.
Delegated content erasure in IPFS
TLDR
An anonymous protocol for delegated content erasure requests in the InterPlanetary File System that could be smoothly integrated into the IPFS to distribute an erasure request among all the IPFS nodes and, ultimately, to fulfil the erasure requirements foreseen in the RtbF.
An Efficient Blockchain-Based Privacy-Preserving Collaborative Filtering Architecture
TLDR
Blockchain is used as the backbone of a decentralized RS, managing to equip it with a broad set of features while simultaneously preserving users' privacy, and introduces a new architecture, based on decentralized locality sensitive hashing classification as well as a set of recommendation methods, according to how data are managed by users.
Smart Complaint Redressal System Using Ethereum Blockchain
In today's world, more importance is given on the availability of the applications and various websites available in the digital market. People will manage their daily work on time, precisely, very…
Intercepting Hail Hydra: Real-Time Detection of Algorithmically Generated Domains
TLDR
A single, fixed CC is presented that significantly outperforms the current state-of-the-art in terms of both accuracy and efficiency and alleviates biases found in previous literature that deals with small datasets and exploits some characteristic features of particular families.
IPFS and Friends: A Qualitative Comparison of Next Generation Peer-to-Peer Data Networks
TLDR
A technical overview of the next generation data networks is provided, using select data networks to introduce general concepts and to emphasize new developments, and common building blocks are identified and provided.

References

SHOWING 1-10 OF 54 REFERENCES
Malware Coordination using the Blockchain: An Analysis of the Cerber Ransomware
TLDR
An entirely new principle of domain generation is described, actively deployed in the Cerber ransomware, which finds and coordinates with its owner based on transaction information in the bitcoin blockchain, which allows the malware author to dynamically update the location of the server in realtime.
Still Beheading Hydras: Botnet Takedowns Then and Now
TLDR
This paper improves an existing takedown analysis system called rza, examines additional botnet takedowns, enhances the risk calculation to use botnet population counts, and performs a postmortem analysis of the recent 3322.org, Citadel, and No-IP takedowns.
Developing a Κ-ary malware using blockchain
TLDR
This paper summarizes techniques adopted by malicious software to avoid functionalities implemented for viral detection and presents the implementation of new viral techniques that leverage the blockchain network.
ZombieCoin 2.0: managing next-generation botnets using Bitcoin
TLDR
This paper presents ZombieCoin, a botnet command-and-control (C&C) mechanism that leverages the Bitcoin network that offers considerable advantages over existing C&C techniques, most notably the fact that Bitcoin is designed to resist the very same takedown campaigns and regulatory processes to combat botnets today.
A Comprehensive Measurement Study of Domain Generating Malware
TLDR
This paper performs a comprehensive measurement study of the DGA landscape by analyzing 43 DGA-based malware families and variants, and presents a taxonomy for DGAs and uses it to characterize and compare the properties of the studied families.
From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware
TLDR
A new technique to detect randomly generated domains without reversing is presented, finding that most of the DGA-generated domains that a bot queries would result in Non-Existent Domain (NXDomain) responses, and that bots from the same bot-net (with the same DGA algorithm) would generate similar NXDomain traffic.
DGA-Based Botnet Detection Using DNS Traffic
TLDR
This paper presents a new technique to detect DGAs using DNS NXDomain traffic, and shows that this method is of good effectiveness on detecting algorithmically generated domains used by botnets.
Stegobot: A Covert Social Network Botnet
TLDR
Analysis of Stegobot's network throughput indicates that stealthy as it is, it is also functionally powerful - capable of channeling fair quantities of sensitive data from its victims to the botmaster at tens of megabytes every month.
Peer-to-Peer Botnets: Overview and Case Study
TLDR
An overview of peer-to-peer botnets is presented and a case study of a Kademlia-based Trojan is presented, which shows how attackers will move to more resilient architectures in the near future.
Bitcoin: A Peer-to-Peer Electronic Cash System
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide…