      Hydras and IPFS: A Decentralised Playground for Malware

      Preprint

          Abstract

          Modern malware can take various forms and has reached a very high level of sophistication in terms of its penetration, persistence, communication and hiding capabilities. The use of cryptography, and of covert communication channels over public and widely used protocols and services, is becoming the norm. In this work, we start by introducing Resource Identifier Generation Algorithms. These are an extension of a well-known mechanism called Domain Generation Algorithms, which are frequently employed by cybercriminals for bot management and communication. Our extension allows the use of other protocols beyond DNS. More concretely, we showcase the exploitation of the InterPlanetary File System (IPFS). This is a solution for the "permanent web", which enjoys steadily growing community interest and adoption. The IPFS is, in addition, one of the most prominent solutions for blockchain storage. We go beyond the straightforward case of using the IPFS for hosting malicious content and explore ways in which a botmaster could employ it to manage her bots, validating our findings experimentally. Finally, we discuss the advantages of our approach for malware authors and its efficacy, and highlight its extensibility to other distributed storage services.

                Author and article information

                Date: 28 May 2019
                Article: 1905.11880
                License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
                Accepted for publication to International Journal of Information Security
                Subject: cs.CR (Security & Cryptology)