
A Proposed Method for Obfuscation of Malicious Traffic in a Compromised Network Using a Wireshark Simulator



DOI: https://doi.org/10.15866/iremos.v17i1.24663

Abstract


Information security has become critical in the era of digital transformation: as encryption processes grow more complex, attackers show a correspondingly stronger willingness to penetrate them. This paper presents an obfuscation method that hides traffic and simulates stealthy penetration of a computer network. A dropper executes the client's instructions directly in memory to avoid static anti-virus analysis; the server code sends encrypted shell commands to the client code on the victim machine, which executes each shell command, encrypts the output, and sends it back to the attacker's server code. The Advanced Encryption Standard (AES) is used because of its strength and durability and because it is not easy to decrypt, especially in Cipher Block Chaining (CBC) mode with a randomly chosen initialization vector. The latest version of Wireshark is used to monitor the traffic produced by the proposed model, which was implemented in Python. The results demonstrate the effectiveness of the method and the possibility of using it in computer network security operations.
Copyright © 2024 Praise Worthy Prize - All rights reserved.

Keywords


Malicious; Shell Commands; Victim Server; Initial Vector; CBC; AES; Shannon Entropy
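The abstract monitors the encrypted command traffic with Wireshark and lists Shannon entropy among its keywords. The following is an added illustration, not code from the paper, of how a defender can apply that keyword: a payload captured from a flow is scored by its Shannon entropy, and payloads that look like random bytes on a port expected to carry plaintext are flagged for review. The threshold of 7.0 bits per byte and the minimum length are assumptions to be tuned against a traffic baseline; the "ciphertext-like" sample is constructed from SHA-256 output as a deterministic stand-in for AES-CBC output, not real ciphertext from the paper's tool.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty, 8.0 max)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


# Assumed thresholds: tune against a baseline of the monitored network.
ENTROPY_THRESHOLD = 7.0  # bits per byte; random-looking data sits near 8.0
MIN_PAYLOAD_LEN = 64     # entropy of very short payloads is too noisy to trust


def classify_payload(data: bytes, threshold: float = ENTROPY_THRESHOLD,
                     min_len: int = MIN_PAYLOAD_LEN) -> str:
    """Label a TCP payload by entropy.

    'high-entropy' means the bytes look encrypted or compressed; on a port that
    should carry plaintext (e.g. plain HTTP) that is worth an analyst's look.
    Compressed archives and images also score high, so treat this as a triage
    signal, not proof of encrypted command-and-control traffic.
    """
    if len(data) < min_len:
        return "too-short"
    return "high-entropy" if shannon_entropy(data) >= threshold else "plaintext-like"


# Constructed samples (not real captures).
PLAINTEXT_OUTPUT = b"uid=1000(user) gid=1000(user) groups=1000(user),27(sudo)\n" * 3
# Stand-in for AES-CBC ciphertext: deterministic pseudo-random bytes from SHA-256.
CIPHERTEXT_LIKE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(32)
)


def triage(samples: dict) -> dict:
    """Score each named payload; returns {name: (entropy, label)}."""
    return {name: (round(shannon_entropy(d), 2), classify_payload(d))
            for name, d in samples.items()}


if __name__ == "__main__":
    for name, (h, label) in triage({"shell-output": PLAINTEXT_OUTPUT,
                                    "ciphertext-like": CIPHERTEXT_LIKE}).items():
        print(f"{name:16s} entropy={h:.2f} -> {label}")
```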





