Mining malware command and control traces

McLaren, Peter; Russell, Gordon; Buchanan, Bill

doi:10.1109/SAI.2017.8252185

All Outputs (4)

Investigations into Decrypting Live Secure Traffic in Virtual Environments (2019)
Thesis
McLaren, P. W. L. Investigations into Decrypting Live Secure Traffic in Virtual Environments. (Thesis). Edinburgh Napier University. Retrieved from http://researchrepository.napier.ac.uk/Output/2386517

Malicious agents increasingly use encrypted tunnels to communicate with external servers. Communications may contain ransomware keys, stolen banking details, or other confidential information. Rapid discovery of communicated contents through decrypti... Read More about Investigations into Decrypting Live Secure Traffic in Virtual Environments.

Deriving ChaCha20 Key Streams From Targeted Memory Analysis (2019)
Journal Article
McLaren, P., Buchanan, W. J., Russell, G., & Tan, Z. (2019). Deriving ChaCha20 Key Streams From Targeted Memory Analysis. Journal of Information Security and Applications, 48, Article 102372. https://doi.org/10.1016/j.jisa.2019.102372

There can be performance and vulnerability concerns with block ciphers, thus stream ciphers can used as an alternative. Although many symmetric key stream ciphers are fairly resistant to side-channel attacks, cryptographic artefacts may exist in memo... Read More about Deriving ChaCha20 Key Streams From Targeted Memory Analysis.

Decrypting Live SSH Traffic in Virtual Environments (2019)
Journal Article
Mclaren, P., Russell, G., Buchanan, W. J., & Tan, Z. (2019). Decrypting Live SSH Traffic in Virtual Environments. Digital Investigation, 29, 109-117. https://doi.org/10.1016/j.diin.2019.03.010

Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDe-... Read More about Decrypting Live SSH Traffic in Virtual Environments.

Mining malware command and control traces (2018)
Conference Proceeding
McLaren, P., Russell, G., & Buchanan, B. (2018). Mining malware command and control traces. In Proceedings of the SAI Computing Conference 2017. https://doi.org/10.1109/SAI.2017.8252185

Detecting botnets and advanced persistent threats is a major challenge for network administrators. An important component of such malware is the command and control channel, which enables the malware to respond to controller commands. The detection o... Read More about Mining malware command and control traces.