Steganography, the art of concealing information in different types of media, is a very old practice. Yet it only recently started being used by malware operators on a large scale. Malware programmers and operators are increasing their efforts to develop covert communication channels between infected computers and their command and control servers. In addition to steganography, recent examples include hiding communication in inconspicuous network traffic such as DNS queries or HTTP 404 error messages.
When used properly, these covert communication channels can bypass many automated detection mechanisms and render malware communication difficult to detect and block. From an attacker's perspective, covert communication channels are a valuable addition because they allow messages to blend in with legitimate traffic and thus significantly lower the chance of detection, even when the traffic is inspected by a human analyst.
This presentation studies recent advances in covert communication channels used by real-world malware. First, we will show how steganography has recently been used in three different malware families (Stegoloader, Vawtrak, and Lurk). We will dive into the implementation details on how steganography is implemented and discuss the strengths and weaknesses of each approach. Furthermore, we will detail and compare the usage of inconspicuous carrier protocols for covert communication channels in malware. Examples will span commodity cybercrime as well as targeted attack malware.
The cases discussed in this presentation are based on real-life incidents. While it is easy to speculate about how covert communication channels might be used by malicious actors, documentation of real-world cases is sparse. Yet covert communication channels have arrived in both the commodity cybercrime and the targeted attack world. It is thus vital to understand the status quo and identify current trends in cybercriminal and targeted attack malware. As such, we believe it is mandatory to highlight what is currently being used in the wild.
Adhesive organs like the arolia of insects allow these animals to climb on different substrates by creating high adhesion forces. According to the Dahlquist criterion, arolia must be very soft, exhibiting an effective Young's modulus below 100 kPa, to adhere well to different substrates. In previous studies the effective Young's moduli of adhesive organs were determined using indentation tests, which showed their structure to be very soft indeed. However, arolia have a layered structure, so the values measured by indentation tests represent the effective Young's moduli of the whole organs. In this study, a new approach is illustrated to measure the Young's modulus of the outermost layer of the arolium, i.e. the epicuticle, of the stick insect Carausius morosus by tensile testing. Due to the inner fibrous structure of the arolium, tensile tests allow the characterisation of the overlying epicuticle.
We investigate the possibility of using update propagation methods to optimize the evaluation of continuous queries. Update propagation allows for the efficient determination of induced changes to derived relations resulting from an explicitly performed base table update. In order to simplify the computation process, we propose the propagation of updates with different degrees of granularity, which corresponds to an incremental query evaluation with different levels of accuracy. We show how propagation rules for different update granularities can be systematically derived, combined and further optimized by using Magic Sets. This way, the costly evaluation of certain subqueries within a continuous query can be systematically circumvented, allowing the number of pipelined tuples to be cut down considerably.