Dazzle-attack: Anti-Forensic Server-side Attack via Fail-Free Dynamic State Machine

Dazzle-attack: Anti-Forensic Server-side Attack via Fail-Free Dynamic State Machine

연구 분야: Strategies

학회: International Conference on Information Security Applications

Server-side malware is one of the prevalent threats that can affect a large number of clients who visit the compromised server. In this paper, we propose DAZZLE-ATTACK, a new advanced server-side attack that is resilient to forensic analysis such as reverse-engineering. DAZZLE-ATTACK retrieves typical (and non-suspicious) contents from benign and uncompromised websites to avoid detection and mislead the investigation to erroneously associate the attacks with benign websites. DAZZLE-ATTACK leverages a specialized state-machine that accepts any inputs and produces outputs with respect to the inputs, which substantially enlarges the input-output space and makes reverse-engineering effort significantly difficult. We develop a prototype of DAZZLE-ATTACK and conduct empirical evaluation of DAZZLE-ATTACK to show that it imposes significant challenges to forensic analysis.