"Research is what I'm doing when I don't know what I'm doing." - Wernher von Braun
Development of Mirai Botnet Forensics Analysis Tool (MB-FAT)
According to the Imperva Incapsula security team, there have been 49,657 Mirai-infected Internet of Things (IoT) devices since the Mirai source code was released. These devices are mainly surveillance systems and routers running with default settings. IoT devices are projected to increase fivefold in ten years, reaching 75.44 billion worldwide by 2025. The next vital step in fulfilling the Internet's promise of connecting the world is what IoT is striving to attain using the existing, ubiquitous Internet technology. A recent study developed a Mirai Bot Scanner Summation Prototype. The Mirai Scanner Summation Prototype parses Mirai Bot Scanner malicious network traffic to summate the number of identified bots and potential new bot victims, and the total number of unique TCP SYN packets and retransmission packets, generating a report and a line graph as output. The source IP of a unique SYN packet stands for a bot, while the destination IP represents a potential new bot victim. A retransmission packet represents an IoT device that is not vulnerable to the Mirai malware. The Mirai Scanner Summation Prototype only analyzes the Mirai Scanner network traffic dataset (Internet Addresses Census dataset, IMPACT ID: USC-LANDER/Mirai-B-scanning-20160601/rev5870, 2016). It does not cover the other malicious network traffic generated by the Mirai malware, namely traffic due to the Mirai DoS attack, Mirai brute-force login and Mirai Command and Control communication. There is a need to develop a solution that addresses these limitations. This research proposal seeks to develop a system that profiles the Mirai malware much more comprehensively—accounting for different network packets and wider Mirai communications and responses—than what exists in the current literature.
The proposed solution would summate the different network packets captured in a Mirai malicious traffic dataset: the number of bots carrying out a brute-force login against a potential new bot victim, the number of bots reporting back to the Command & Control (C&C) report server, and the number of bots responding to a C&C request to execute a Denial of Service (DoS) attack. The proposed Mirai Botnet Malicious Network Traffic Analyzer will be evaluated against recent related works on three bases: methods comparison, performance comparison and comparison of assessment results. Methods comparison will compare the methodology deployed by the proposed Mirai Botnet Malicious Network Traffic Analyzer with that of related works; performance comparison will compare the run-time of the summation and assessment process of each solution; and assessment results comparison will compare the proposed Mirai Botnet Malicious Network Traffic Analyzer with related work to determine the accuracy of its assessment of the dataset. This research will contribute to the Mirai botnet body of research by helping to understand the Mirai malware's mode of operation.
Follow the research on ResearchGate.
Evaluating the State of the Art Antivirus Evasion Tools on Windows and Android Platform
Hackers use malware to gain access to target computers. Malicious payloads are usually generated using tools such as Metasploit. As a means of defence, the target computers deploy anti-virus solutions to detect these malicious payloads and protect the victim machines. In reaction to this, hackers created anti-virus evasion tools to evade detection by these anti-virus solutions. But how effective are these anti-virus evasion tools? This research seeks to evaluate the effectiveness of selected anti-virus evasion tools: Avet, Veil, The Fat Rat, PeCloak.py, Phantom-Evasion and Shellter, against the current best anti-virus solutions on the Windows and Android platforms.
Download the conference paper here.
Development of an Efficient Hybrid Encryption Scheme for Securing Short Message Service (SMS)
The majority of mobile device users would prefer to preserve the privacy of their SMS communication using mobile device SMS encryption solutions. The mobile devices in use, however, are highly constrained in terms of memory, power and computing capability, making it hard to utilize the current SMS encryption solutions. As a result, there is room for improvement in the speed efficiency of the SMS encryption schemes proposed for use on mobile devices. This research proposed an end-to-end SMS encryption scheme suited to mobile devices, using a hybrid combination of cryptographic algorithms: the Blowfish symmetric encryption algorithm, Elliptic Curve Diffie-Hellman (ECDH) and the Elliptic Curve Digital Signature Algorithm (ECDSA). The proposed scheme was implemented in the Java programming language as an SMS-encrypting Android application. The time taken by the proposed scheme's cryptographic operations was measured on five different Android mobile devices with varying processor speeds; the operations measured were key generation, encryption and decryption. The results revealed that the proposed scheme has a faster rate of key generation, encryption and decryption. This dissertation has thus provided an end-to-end hybrid SMS encryption scheme suited to constrained mobile devices, built from Blowfish, ECDH and ECDSA, and is therefore an improvement in terms of speed over the existing SMS encryption schemes on mobile devices.
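The hybrid Blowfish + ECDH + ECDSA composition described above, worked through as an added example in Python with the `cryptography` library (the dissertation's Android implementation is in Java and is not reproduced here). The abstract does not say how the ECDH secret becomes a Blowfish key or what is signed, so the HKDF step, the 128-bit key size, CBC mode, and signing the ciphertext (encrypt-then-sign) are my assumptions.

```python
import os
from cryptography.hazmat.primitives import hashes, padding
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers import Cipher, modes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
try:  # Blowfish moved to the "decrepit" namespace in cryptography 43
    from cryptography.hazmat.decrepit.ciphers.algorithms import Blowfish
except ImportError:
    from cryptography.hazmat.primitives.ciphers.algorithms import Blowfish

BLOCK_BITS = 64  # Blowfish has a 64-bit block, so the IV is 8 bytes


def keygen():
    """One P-256 key pair per party, used for both ECDH agreement and ECDSA signing."""
    priv = ec.generate_private_key(ec.SECP256R1())
    return priv, priv.public_key()


def derive_blowfish_key(my_priv, peer_pub):
    """ECDH shared secret -> 128-bit Blowfish key via HKDF-SHA256 (assumed KDF)."""
    shared = my_priv.exchange(ec.ECDH(), peer_pub)
    return HKDF(algorithm=hashes.SHA256(), length=16, salt=None,
                info=b"sms-blowfish-key").derive(shared)


def encrypt_sms(sender_priv, recipient_pub, text):
    """Blowfish-CBC encrypt the message, then ECDSA-sign IV||ciphertext."""
    key = derive_blowfish_key(sender_priv, recipient_pub)
    iv = os.urandom(BLOCK_BITS // 8)
    padder = padding.PKCS7(BLOCK_BITS).padder()
    padded = padder.update(text.encode("utf-8")) + padder.finalize()
    enc = Cipher(Blowfish(key), modes.CBC(iv)).encryptor()
    ct = iv + enc.update(padded) + enc.finalize()
    sig = sender_priv.sign(ct, ec.ECDSA(hashes.SHA256()))
    return ct, sig


def decrypt_sms(recipient_priv, sender_pub, ct, sig):
    """Verify the sender's signature first; only then derive the key and decrypt."""
    sender_pub.verify(sig, ct, ec.ECDSA(hashes.SHA256()))  # raises InvalidSignature
    key = derive_blowfish_key(recipient_priv, sender_pub)
    iv, body = ct[:BLOCK_BITS // 8], ct[BLOCK_BITS // 8:]
    dec = Cipher(Blowfish(key), modes.CBC(iv)).decryptor()
    padded = dec.update(body) + dec.finalize()
    unpadder = padding.PKCS7(BLOCK_BITS).unpadder()
    return (unpadder.update(padded) + unpadder.finalize()).decode("utf-8")


if __name__ == "__main__":
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    ct, sig = encrypt_sms(a_priv, b_pub, "Meet at 09:00, bring the report.")
    print(len(ct), "ciphertext bytes;", decrypt_sms(b_priv, a_pub, ct, sig))
```

The signature check runs before decryption so a tampered or forged message is rejected before any key material is used; the 64-bit block is also why Blowfish is considered legacy today, which is worth weighing against the speed gain the dissertation reports.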
Download the full report on my ResearchGate page.