2019 | OriginalPaper | Chapter

A Cyber Kill Chain Based Analysis of Remote Access Trojans

Authors: Reyhaneh HosseiniNejad, Hamed HaddadPajouh, Ali Dehghantanha, Reza M. Parizi

Published in: Handbook of Big Data and IoT Security

Publisher: Springer International Publishing


Abstract

Computer networks and industrial systems are constantly under cyber threat and attack. Vulnerabilities in different parts of these systems give attackers the opportunity to attack, damage or disrupt the operation of a country's critical infrastructure. Identifying these threats and the weaknesses exploited by malware such as Trojans is a major challenge, given the continual evolution both of the techniques used to evade detection and of the methods used to detect them. A hierarchy of malicious behaviour can support identification and risk-mitigation strategies. In this paper, we analyze a hierarchy based on the characteristics of remotely controlled malware, using 477 Trojans collected from real-world samples and several assessment methods. The analysis uses one of the popular models for characterizing cyber threats, the Cyber Kill Chain. We propose a hierarchy based on the dataset samples at different stages of the malware lifecycle.

Footnotes

1. Industrial control system cyber defense triage process.
Metadata

Title: A Cyber Kill Chain Based Analysis of Remote Access Trojans
Authors: Reyhaneh HosseiniNejad, Hamed HaddadPajouh, Ali Dehghantanha, Reza M. Parizi
Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-10543-3_12