Automated blocking of malicious code with NDIS intermediate driver

Lee Ling Chuan, Chan Lee Yee, Mahamod Ismail, Kasmiran Jumari

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

With the evolution of malware technology, modern malware often hides its malicious behaviour using a variety of methods. One popular method is to conceal its network communication. This concealment poses obstacles to security mechanisms that detect malicious behaviour. In this paper, we give an overview of the automated blocking of malicious code project, a new approach to computer security via malicious software analysis and automatic blocking software. In particular, this project focuses on building a unified executable program analysis platform and using it to provide novel solutions to a broad spectrum of security problems. We propose a technique for integrating the Network Driver Interface Specification (NDIS) with a unified malicious software analysis platform. The NDIS model supports hybrid network transport NDIS drivers, called NDIS intermediate drivers. Such a driver lies between the transport driver and the NDIS driver. The advantage of using NDIS intermediate drivers is that they can see the entire network traffic taking place on a system, because they lie between the protocol drivers and the network drivers. By intercepting security-related properties directly from network traffic, our project enables a principled, root-cause-based approach to computer security, offering novel and effective solutions.

Original language: English
Title of host publication: International Conference on Advanced Communication Technology, ICACT
Pages: 700-704
Number of pages: 5
Publication status: Published - 2011
Event: 13th International Conference on Advanced Communication Technology: Smart Service Innovation through Mobile Interactivity, ICACT 2011 - Gangwon-Do
Duration: 13 Feb 2011 to 16 Feb 2011

Other

Other: 13th International Conference on Advanced Communication Technology: Smart Service Innovation through Mobile Interactivity, ICACT 2011
City: Gangwon-Do
Period: 13/2/11 to 16/2/11

Fingerprint

  • Specifications
  • Security of data
  • Telecommunication networks
  • Network protocols
  • Malware

Keywords

  • Interception
  • Malicious Traffic
  • Malware Analysis
  • NDIS Intermediate Driver
  • Network Driver Interface Specification

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

Chuan, L. L., Yee, C. L., Ismail, M., & Jumari, K. (2011). Automated blocking of malicious code with NDIS intermediate driver. In International Conference on Advanced Communication Technology, ICACT (pp. 700-704)

@inproceedings{2d40dab6d2c3420f89157109471a8dda,
title = "Automated blocking of malicious code with NDIS intermediate driver",
keywords = "Interception, Malicious Traffic, Malware Analysis, NDIS Intermediate Driver, Network Driver Interface Specification",
author = "Chuan, {Lee Ling} and Yee, {Chan Lee} and Mahamod Ismail and Kasmiran Jumari",
year = "2011",
language = "English",
isbn = "9788955191554",
pages = "700--704",
booktitle = "International Conference on Advanced Communication Technology, ICACT",

}

TY - GEN

T1 - Automated blocking of malicious code with NDIS intermediate driver

AU - Chuan, Lee Ling

AU - Yee, Chan Lee

AU - Ismail, Mahamod

AU - Jumari, Kasmiran

PY - 2011

Y1 - 2011

KW - Interception

KW - Malicious Traffic

KW - Malware Analysis

KW - NDIS Intermediate Driver

KW - Network Driver Interface Specification

UR - http://www.scopus.com/inward/record.url?scp=79955690840&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79955690840&partnerID=8YFLogxK

M3 - Conference contribution

SN - 9788955191554

SP - 700

EP - 704

BT - International Conference on Advanced Communication Technology, ICACT

ER -