MAYALOK: A Cyber-Deception Hardware Using Runtime Instruction Infusion

ABSTRACT

The rapid rise in malware attacks has added significant costs to cyber operations. As adversaries evolve, there is a growing need for fast, targeted defenses that effectively guard computer systems against these cyber-attacks. Cyber-deception is an increasingly adopted defense strategy because it can continually engage with adversaries and proactively deploy countermeasures, manipulating the malware's execution flow into states that are not useful to the attacker. This paper introduces Mayalok, a novel hardware-based cyber-deception framework that combats malware through runtime instruction infusion. Mayalok employs hardware deception primitives to transparently insert or skip malware program instructions at runtime and present attackers with a deceptive view of the system state. We evaluate and demonstrate the deception efficacy of the Mayalok framework on malware samples representing various attack vectors: ransomware, InfoStealers, buffer overflow, and side-channels.

Preet Derasari is a Ph.D. candidate in the Department of Electrical and Computer Engineering at George Washington University, where he is advised by Dr. Guru Prasadh Venkataramani. Preet's research primarily focuses on hardware support for proactive defense frameworks. He is also interested in designing intelligent hardware primitives to safeguard systems against advanced digital threats. He is a member of IEEE and ACM.
 

License: BSD-3-Clause
Submitted by Regan Williams on