Dark Application Communities

Stavrou, Angelos; Locasto, Michael E.; Keromytis, Angelos D.

In considering new security paradigms, it is often worthwhile to anticipate the direction and nature of future attack paradigms. We identify a class of attacks based on the idea of a "Dark" Application Community (DAC) - a collection of bots and zombie machines that actively performs binary-level supervision of applications to help an attacker automate the process of finding vulnerabilities. A collection of such hosts can observe and attempt to influence the behavior of automatic defense systems. An attacker can use the DAC as both a test platform for subverting security applications and as a reconnaissance network for exploiting commonly deployed automatic update and early warning systems. An instance of this type of Application Community can host what we call an automorphic worm. An automorphic worm is application-agnostic and vulnerability-generic. Such a worm attempts to remain stealthy by cycling through the portfolio of vulnerabilities that the DAC has identified. We examine the underlying principles of a DAC, which are based on the existing paradigm of using security tools to help violate security.



Also Published In

Proceedings of the 2006 workshop on New Security Paradigms

More About This Work

Academic Units
Computer Science
Published Here
July 11, 2012