DocumentCode :
1785264
Title :
Bacterial quorum sensing for coordination of targeted malware
Author :
Fioravanti, Mark E. ; Ford, Richard
Author_Institution :
Dept. of Comput. Sci. & Cybersecurity, Florida Inst. of Technol., Melbourne, FL, USA
fYear :
2014
fDate :
28-30 Oct. 2014
Firstpage :
101
Lastpage :
108
Abstract :
Bacterial Quorum Sensing is a process that bacteria use to determine their local population density. Based on this determination, individual bacterial cells may alter their survival strategies to those strategies which benefit the cell the most [1, 5, 12]. For example, bacteria utilize quorum sensing to determine if the cell would benefit more from either asocial or social strategies. Alone, a single cell is vulnerable, but in a community they represent a threat capable of overwhelming a host's immune system. Most importantly, most quorum sensing approaches use commonly-encountered chemicals for sensing; due to their ubiquity, these quorum signals do not become useful for determining if an object is a bacterium; rather, they speak to the local population density. Similarly, malware has demonstrated a variety of techniques to communicate and to evade detection, and like bacteria, survival strategies can also depend on population density. As such, malware could utilize the bacterial quorum sensing system as a method of communication which has the potential to allow targeted malware to communicate and coordinate activities. Furthermore, inspired by bacterial quorum sensing, malware could use signals that are already common in the computing environment in a way that does not provide actionable remediation intelligence to network defenders. Thus, the use of a bacterial quorum sensing mechanism instead of another distributed algorithm allows the malware to leverage self-organizing properties that are based on the number of infected hosts on a network without exposing individually infected hosts to targeted remediation. This paper demonstrates and implements a digital version of the quorum sensing system through a timing covert channel [9], and uses statistical tests to determine if a signal is present.
We argue that just as for bacteria, the digital quorum sensing signal is not useful for determining if a particular host is infected; as such, it is an attractive choice for malware authors.
Keywords :
invasive software; bacterial cells; bacterial quorum sensing; digital quorum sensing signal; targeted malware coordination; timing covert channel; Communities; Immune system; Malware; Microorganisms; Sensors; Sociology; Statistics;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Malicious and Unwanted Software: The Americas (MALWARE), 2014 9th International Conference on
Conference_Location :
Fajardo, PR
Print_ISBN :
978-1-4799-7328-6
Type :
conf
DOI :
10.1109/MALWARE.2014.6999405
Filename :
6999405