<node id="671430">
  <nid>671430</nid>
  <type>event</type>
  <uid>
    <user id="28475"><![CDATA[28475]]></user>
  </uid>
  <created>1701817881</created>
  <changed>1701817900</changed>
  <title><![CDATA[Ph.D. Proposal Oral Exam - Runze Zhang]]></title>
  <body><![CDATA[<p><strong>Title:</strong> <em>Hunter and Gatherer: Gearing Rapid Malware Forensics Towards More Effective Botnet Attack Remediation</em></p>

<p><strong>Committee:</strong></p>

<p>Dr. Saltaformaggio, Advisor</p>

<p>Dr. Specter, Chair</p>

<p>Dr. Frank Li</p>
]]></body>
  <field_summary_sentence>
    <item>
      <value><![CDATA[Hunter and Gatherer: Gearing Rapid Malware Forensics Towards More Effective Botnet Attack Remediation]]></value>
    </item>
  </field_summary_sentence>
  <field_summary>
    <item>
      <value><![CDATA[<p>The objective of the proposed research is to help incident responders mitigate attacks from advanced botnets using automated frontend bot forensics pipelines. For decades, law enforcement and commercial entities have attempted botnet takedowns with mixed success. These efforts, which rely on DNS sinkholing or seizing C&amp;C infrastructure, require months of preparation and often omit the cleanup of the infected machines left behind. This allows botnet operators to push updates to the bots and re-establish their control. In addition, advanced botnets leverage similar infrastructure to frequently update their frontend bots, both to carry out new attacks and to improve their attack strategies. In my proposed study, I first expand the goal of botnet takedowns to include the covert and timely removal of frontend bots from infected devices. Specifically, this work proposes seizing the bot's built-in update mechanism to distribute crafted remediation payloads. Second, focusing on ad-click attacks launched from botnets, I propose extracting attack strategies from the frontend bots so that ad platforms can actively defend against upcoming attacks. In preliminary studies, I developed GLEAN, an automated malware forensics pipeline that extracts frontend bot payload deployment routines and generates remediation payloads to disable or remove the frontend bots on infected devices. A study of 702 Android bots shows that 523 of them can be remediated via GLEAN's takedown approach, with remediations ranging from covertly warning users about the infection to uninstalling the bot.</p>
]]></value>
    </item>
  </field_summary>
  <field_time>
    <item>
      <value><![CDATA[2023-12-08T11:00:00-05:00]]></value>
      <value2><![CDATA[2023-12-08T13:00:00-05:00]]></value2>
      <rrule><![CDATA[]]></rrule>
      <timezone><![CDATA[America/New_York]]></timezone>
    </item>
  </field_time>
  <field_fee>
    <item>
      <value><![CDATA[]]></value>
    </item>
  </field_fee>
  <field_extras>
      </field_extras>
  <field_audience>
          <item>
        <value><![CDATA[Public]]></value>
      </item>
      </field_audience>
  <field_media>
      </field_media>
  <field_contact>
    <item>
      <value><![CDATA[]]></value>
    </item>
  </field_contact>
  <field_location>
    <item>
      <value><![CDATA[Room C0915 Atlantic, CODA]]></value>
    </item>
  </field_location>
  <field_sidebar>
    <item>
      <value><![CDATA[]]></value>
    </item>
  </field_sidebar>
  <field_phone>
    <item>
      <value><![CDATA[]]></value>
    </item>
  </field_phone>
  <field_url>
    <item>
      <url><![CDATA[]]></url>
      <title><![CDATA[]]></title>
            <attributes><![CDATA[]]></attributes>
    </item>
  </field_url>
  <field_email>
    <item>
      <email><![CDATA[]]></email>
    </item>
  </field_email>
  <field_boilerplate>
    <item>
      <nid><![CDATA[]]></nid>
    </item>
  </field_boilerplate>
  <links_related>
      </links_related>
  <files>
      </files>
  <og_groups>
          <item>434371</item>
      </og_groups>
  <og_groups_both>
          <item><![CDATA[ECE Ph.D. Proposal Oral Exams]]></item>
      </og_groups_both>
  <field_categories>
          <item>
        <tid>1788</tid>
        <value><![CDATA[Other/Miscellaneous]]></value>
      </item>
      </field_categories>
  <field_keywords>
          <item>
        <tid>102851</tid>
        <value><![CDATA[Phd proposal]]></value>
      </item>
          <item>
        <tid>1808</tid>
        <value><![CDATA[graduate students]]></value>
      </item>
      </field_keywords>
  <userdata><![CDATA[]]></userdata>
</node>
