Abstract

Modern computer systems are built on a foundation of software components from a variety of vendors. While critical applications may undergo extensive testing and evaluation, the heterogeneity of software sources threatens the integrity of the execution environment in which these trusted programs run. For instance, if an attacker can chain an application exploit with a privilege-escalation vulnerability, the Operating System (OS) itself can become corrupted. The importance of ensuring application integrity has been examined in prior work; the solutions proposed there terminate the application as soon as corruption is detected. Applying Mandatory Access Control (MAC) in a commercial operating system to tackle the malware problem is a grand challenge but also a promising approach. The firmest barriers to using MAC against malware are the incompatibility and low usability of existing MAC systems. The main aim of our study is to address these issues. We analyse 2,600 malware samples, component by component, together with two types of MAC-enforced operating systems, and then design a novel Efficient Malware Detection and Tracer design (EMDT) based on a Hidden Markov model. EMDT integrates intrusion detection and tracing into a commercial operating system and leverages efficient coding and authentication schemes. Conceptually the approach consists of three actions: detecting, tracing and restricting suspected intruders. The novelty of the study is twofold. First, it uses light-weight intrusion detection and tracing techniques to automate security label configuration, which is widely acknowledged as a hard problem when a MAC system is applied in practice. Second, rather than restricting information flow as a traditional MAC does, it traces intruders and restricts only their critical malware behaviours, where intruders are the processes and executables that are potential agents of a remote attacker.
Our prototype and experiments on the Windows operating system show that Tracer effectively defeats every malware sample tested by blocking its malware behaviours, without causing a significant compatibility problem.

Highlights

  • Malicious software (i.e., malware) is one of the most severe computer security problems today

  • Our observations are as follows. The incompatibility problem arises because the security labels of existing Mandatory Access Control (MAC) systems cannot distinguish malicious from benign entities, which causes a huge number of False Positives (FP) and prevents much benign software from performing legitimate operations; the low-usability problem arises because existing MACs cannot automatically label the huge number of entities in an operating system (OS) and leave difficult configuration work to end users

  • We introduce the Efficient Malware Detection and Tracer design (EMDT), a novel MAC enforcement approach that integrates intrusion detection and tracing techniques to disable malware on a commercial OS in a compatible and usable manner


Summary

Introduction

Malicious software (i.e., malware) is one of the most severe computer security problems today. Our observations are as follows. The incompatibility problem arises because the security labels of existing MACs cannot distinguish malicious from benign entities, which causes a huge number of False Positives (FP) (i.e., treating benign operations as malicious) and prevents much benign software from performing legitimate operations. The low-usability problem arises because existing MACs cannot automatically label the huge number of entities in an OS and leave difficult configuration work to end users. Based on these investigation results, our main objective is to propose a novel MAC enforcement approach, EMDT, which consists of three actions: detecting, tracing and restricting suspected intruders.
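The detect / trace / restrict cycle described in the abstract and above can be made concrete with a small simulation. The following is an added illustration written for this page, not the paper's own code: the Hidden Markov model detector is replaced by a single stand-in rule (a process that receives remote network data becomes a suspect), labels are held in plain Python sets, the list of "critical" locations is an assumption chosen for the example, and the event log is constructed by hand. What it shows is the property the abstract emphasises: suspect processes and the executables they write carry a label, children and executors of labelled objects inherit it, and only labelled processes are denied critical behaviours, while an unlabelled installer performing the same system write is allowed.

```python
from dataclasses import dataclass, field

# Behaviours treated as "critical" for this example (assumption, not the paper's list):
# writes under the system directory and persistence via the Run key.
CRITICAL_PREFIXES = (
    "C:\\Windows\\System32\\",
    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
)
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".ps1")


def is_critical(target: str) -> bool:
    """True if the target path or registry key is one a suspect must not touch."""
    return target.lower().startswith(tuple(p.lower() for p in CRITICAL_PREFIXES))


@dataclass
class Tracer:
    suspect_procs: set = field(default_factory=set)   # labelled process ids
    suspect_files: set = field(default_factory=set)   # labelled executable paths
    log: list = field(default_factory=list)           # (pid, action, target, verdict)

    def handle(self, pid: int, action: str, target=None) -> str:
        """Process one event, update labels, and return 'allow' or 'deny'."""
        verdict = "allow"
        if action == "net_recv":
            # Detect: stand-in for the HMM detector. Remote input makes the
            # process a potential agent of a remote attacker.
            self.suspect_procs.add(pid)
        elif action == "spawn":
            # Trace: children of a suspect inherit its label.
            if pid in self.suspect_procs:
                self.suspect_procs.add(target)
        elif action == "exec":
            # Trace: executing an image written by a suspect taints the executor.
            if target.lower() in self.suspect_files:
                self.suspect_procs.add(pid)
        elif action in ("write", "set_autorun"):
            # Restrict: only suspects are denied critical behaviour; benign
            # processes keep full compatibility.
            if pid in self.suspect_procs and is_critical(target):
                verdict = "deny"
            elif pid in self.suspect_procs and target.lower().endswith(EXECUTABLE_SUFFIXES):
                # Non-critical write of an executable by a suspect: label the file
                # so the trace survives a later exec by another process.
                self.suspect_files.add(target.lower())
        self.log.append((pid, action, target, verdict))
        return verdict


def run(events):
    """Replay an event list through a fresh Tracer and return it."""
    tracer = Tracer()
    for event in events:
        tracer.handle(*event)
    return tracer


# Constructed event log: (pid, action, target). pid 100 is a browser, pid 300 a
# benign installer that never touches the network.
EVENTS = [
    (100, "net_recv", "203.0.113.7:443"),
    (100, "write", "C:\\Users\\bob\\Downloads\\update.exe"),
    (100, "spawn", 200),
    (200, "exec", "C:\\Users\\bob\\Downloads\\update.exe"),
    (200, "write", "C:\\Windows\\System32\\drivers\\helper.sys"),
    (200, "set_autorun", "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update"),
    (300, "write", "C:\\Windows\\System32\\vendor.dll"),
    (300, "spawn", 400),
    (400, "exec", "C:\\Users\\bob\\Downloads\\update.exe"),
    (400, "set_autorun", "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update"),
]

if __name__ == "__main__":
    t = run(EVENTS)
    for pid, action, target, verdict in t.log:
        print(f"{verdict:5} pid={pid} {action} {target}")
    print("suspect processes:", sorted(t.suspect_procs))
```

Note the last two events: pid 400 is a child of the benign installer and would be unlabelled under pure process-tree tainting, but because it executes the image the suspect browser wrote, the file label carries the trace across the process boundary and its autorun attempt is denied, while the installer's own write to System32 goes through.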

