Phantom Malware: Conceal Malicious Actions From Malware Detection Techniques by Imitating User Activity

| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Witte, Tim Niklas | |
| dc.date.accessioned | 2021-12-23T16:06:15Z | - |
| dc.date.available | 2021-12-23T16:06:15Z | - |
| dc.date.issued | 2020 | |
| dc.identifier.issn | 21693536 | |
| dc.identifier.uri | https://osnascholar.ub.uni-osnabrueck.de/handle/unios/7327 | - |
| dc.description.abstract | State of the art malware detection techniques only consider the interaction of programs with the operating system's API (system calls) for malware classification. This paper demonstrates that techniques like these are insufficient. A point that is overlooked by the currently existing techniques is presented in this paper: Malware is able to interact with windows providing the corresponding functionality in order to execute the desired action by mimicking user activity. In other words, harmful actions will be masked as simulated user actions. To start with, the article introduces User Imitating techniques for concealing malicious commands of the malware as impersonated user activity. Thereafter, the concept of Phantom Malware will be presented: This malware is constantly applying User Imitating to execute each of its malicious actions. A Phantom Ransomware (ransomware that employs User Imitating for every one of its malicious actions) is implemented in C++ for testing anti-virus programs in Windows 10. Software from various manufacturers is applied for testing purposes. All of them failed without exception. This paper analyzes the reasons why these products failed and further, presents measures that have been developed against Phantom Malware based on the test results. | |
| dc.description.sponsorship | Deutsche Forschungsgemeinschaft (DFG), German Research Foundation (DFG); Open Access Publishing Fund of Osnabruck University; The author would like to thank Karsten Hahn for valuable feedback and discussions. He would also like to thank Christian Burmester for the spell check and valuable proofreading. He acknowledges support by Deutsche Forschungsgemeinschaft (DFG) and Open Access Publishing Fund of Osnabruck University. | |
| dc.language.iso | en | |
| dc.publisher | IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC | |
| dc.relation.ispartof | IEEE ACCESS | |
| dc.subject | BadUSB | |
| dc.subject | Banking | |
| dc.subject | behavior blockers | |
| dc.subject | Computer Science | |
| dc.subject | Computer Science, Information Systems | |
| dc.subject | Engineering | |
| dc.subject | Engineering, Electrical & Electronic | |
| dc.subject | Google | |
| dc.subject | Malware | |
| dc.subject | Microsoft Windows | |
| dc.subject | obfuscation | |
| dc.subject | overlay attacks | |
| dc.subject | Phantoms | |
| dc.subject | ransomware | |
| dc.subject | Telecommunications | |
| dc.subject | Trojan horses | |
| dc.subject | UI redressing | |
| dc.subject | user imitation | |
| dc.subject | User interfaces | |
| dc.title | Phantom Malware: Conceal Malicious Actions From Malware Detection Techniques by Imitating User Activity | |
| dc.type | journal article | |
| dc.identifier.doi | 10.1109/ACCESS.2020.3021743 | |
| dc.identifier.isi | ISI:000573012400001 | |
| dc.description.volume | 8 | |
| dc.description.startpage | 164428 | |
| dc.description.endpage | 164452 | |
| dc.contributor.orcid | 0000-0002-8727-9483 | |
| dc.publisher.place | 445 HOES LANE, PISCATAWAY, NJ 08855-4141 USA | |
| dcterms.isPartOf.abbreviation | IEEE Access | |
| dcterms.oaStatus | gold, Green Submitted | |