PARDED: a passive malware detection tool focused on rootkits using traffic obfuscation techniques

  • Maickel J. Trinks CEPESC
  • Mateus Terra UnB
  • João Gondim UnB

Abstract

PARDED is a passive malware detection tool focused on rootkits that use traffic obfuscation techniques. The system detects malicious behavior through a multi-agent system whose agents are installed on the analyzed terminals and in the network infrastructure; the agents inspect suspicious data flows and enrich the collected information with local and remote databases. PARDED also provides an intuitive visualization interface and generates traffic-blocking rules and cyber threat intelligence, which enables integration with existing conventional defense systems without affecting the connection performance of the terminals.

Published: 2024-09-16

TRINKS, Maickel J.; TERRA, Mateus; GONDIM, João. PARDED: a passive malware detection tool focused on rootkits using traffic obfuscation techniques. In: TOOLS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 145-152. DOI: https://doi.org/10.5753/sbseg_estendido.2024.241631.