CYBER 2022, The Seventh International Conference on Cyber-Technologies and Cyber-Systems


Sterilized Persistence Vectors (SPVs): Defense Through Deception on Windows Systems

Authors:
Nicholas Phillips
Aisha Ali-Gombe

Keywords: Malware, Computer Security, Reverse Engineering, Persistence, Rootkit

Abstract:
The vicious cycle of malware attacks on infrastructures and systems has continued to escalate despite the tremendous effort and resources organizations spend on preventing and detecting known threats. One reason is that standard reactionary practices such as defense-in-depth are not as adaptive as malware development. By exploiting zero-day system vulnerabilities, malware can subvert preventive measures, infect its targets, establish a persistence strategy, and continue to propagate, rendering defensive mechanisms ineffective. In this paper, we propose sterilized persistence vectors (SPVs), a proactive Defense by Deception strategy for mitigating malware infections that leverages a benign rootkit to detect changes in persistence areas. Our approach generates SPVs from infection-stripped malware code and uses them as persistent channel blockers against new malware infections. We performed an in-depth evaluation of our approach on Windows 7 and Windows 10 by infecting them with 1000 different malware samples, after training the system with 1000 additional samples to fine-tune the learning algorithms. Our results, based on a memory analysis of pre- and post-SPV infections, indicate that the proposed approach can successfully defend systems against new infections by rendering the malicious code ineffective and inactive, without persistence.

Pages: 56 to 61

Copyright: Copyright (c) IARIA, 2022

Publication date: November 13, 2022

Published in: conference

ISSN: 2519-8599

ISBN: 978-1-61208-996-6

Location: Valencia, Spain

Dates: from November 13, 2022 to November 17, 2022