Home

Dark Application Communities

Michael E. Locasto; Angelos Stavrou; Angelos D. Keromytis

Title:
Dark Application Communities
Author(s):
Locasto, Michael E.
Stavrou, Angelos
Keromytis, Angelos D.
Date:
Type:
Articles
Department:
Computer Science
Permanent URL:
Book/Journal Title:
Proceedings of the 2006 workshop on New Security Paradigms
Publisher:
ACM
Publisher Location:
New York
Abstract:
In considering new security paradigms, it is often worthwhile to anticipate the direction and nature of future attack paradigms. We identify a class of attacks based on the idea of a "Dark" Application Community (DAC) - a collection of bots and zombie machines that actively performs binary-level supervision of applications to help an attacker automate the process of finding vulnerabilities. A collection of such hosts can observe and attempt to influence the behavior of automatic defense systems. An attacker can use the DAC as both a test platform for subverting security applications and as a reconnaissance network for exploiting commonly deployed automatic update and early warning systems. An instance of this type of Application Community can host what we call an automorphic worm. An automorphic worm is application-agnostic and vulnerability-generic. Such a worm attempts to remain stealthy by cycling through the portfolio of vulnerabilities that the DAC has identified. We examine the underlying principles of a DAC, which are based on the existing paradigm of using security tools to help violate security.
Subject(s):
Computer science
Publisher DOI:
10.1145/1278940.1278943
Item views:
16
Metadata:
View

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services.