With the growth and diversity of today's malware, performance criteria for a malicious code is reasonably neglected as a topic of interest, but that shouldn't be the case, as "the enemy you know is better than the enemy you don't know". As information warfare and malware often intersect for the purpose of balancing asymmetric forces, or conducting espionage, there're already research initiatives for multi-platform, multi-communication-environment code.
José M. Fernandez and Pierre-Marc Bureau constructively build awareness on how "the best is yet to come" in their research on Optimising Malware :
"In this paper, we address and defend the commonly shared point of view that the worst is very much yet to come. We introduce an aim-oriented performance theory for malware and malware attacks, within which we identify some of the performance criteria for measuring their “goodness” with respect to some of the typical objectives for which they are currently used. We also use the OODA-loop model, a well known paradigm of command and control borrowed from military doctrine, as a tool for organising (and reasoning about) the behavioural characteristics of malware and orchestrated attacks using it. We then identify and discuss particular areas of malware design and deployment strategy in which very little development has been seen in the past, and that are likely sources of increased future malware threats. Finally, we discuss how standard optimisation techniques could be applied to malware design, in order to allow even moderately equipped malicious actors to quickly converge towards optimal malware attack strategies and tools fine-tuned for the current Internet."
They've successfully distinguished the following generic and specific aim-oriented performance criteria :
Generic
- Number of hosts
- Persistence
- Anonymity
Fraud
- Money
- Credibility
Information theft
- Penetration
- Stealth
- Amount of information
- Host location
Access sale
- Upstream bandwidth
- Security
Destruction
- Propagation
- Upstream bandwidth
- Host location
- Damage
Information Warfare
- Speed
- Host Location
- Damage
- Exposure
Taking into consideration the OODA loop concept -- Observation, Orientation, Decision, Action -- the characteristics would get definitely improved with the time.
Related resources and recent posts:
Malware
Virus Outbreak Response Time
Malware Bot Families - Technology and Trends
Malware Statistics on Social Networking Sites
Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Friday, September 08, 2006
Benchmarking and Optimising Malware
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment