
Question

Draft a memo to management indicating plans for any endpoint protection and encryption that you believe need to be implemented within the organization. This must be a professional memo using appropriate and professional language. You are making a case for getting the business to implement these changes. You must provide all appropriate rationale for either the use of or the lack of use of endpoint protection and encryption, since you are trying to convince management to make use of your recommendations. This should not be a "do this because it's best practice" argument. Instead, explain why your recommendation has value and what the business will get out of implementing your recommendation. Must use in-text citations and a reference page, all in APA format, with at least two sources.

Explanation / Answer

Today’s world is rapidly moving towards digitization. In this context, protecting and safeguarding digital resources is very crucial for a large organization or a country. Digital resources are attacked and virtually brought down using malware. One of the strategies to defend against malware is searching for a pattern inside it. These patterns become the signature for a malware and are deployed into a security system for detection. But the traditional signature generation techniques fail against polymorphic malware, which changes its form after every infection. We propose a defense system which uses Logistic regression with ANOVA F-test and Snort IDS to thwart this polymorphic malware. Logistic regression with ANOVA F-test has achieved 97.7% accuracy.

Human lives are hugely intertwined with the web. It makes people smart, connected and updated at lightning speed. But there are organizations and individuals who, for their personal motives, target the web in various ways. They attack others' systems to steal, make changes or completely destroy them in an anonymous way. These types of attacks are termed cyber attacks. Cyber attacks have become quite prevalent and dangerous these days. They hamper the growth of the economy and the functioning of large organizations and countries.

According to a study by McAfee, MyDoom is a spam mailing malware that caused the largest economic damage of all time; its estimated damage is about $38 billion. Alarmingly, a report by the security company AV-Test states that the total number of malware has doubled over the past four years.

To detect a normal malware, the longest common content in it is found and deployed into a security system as the malware signature. Next time, when an attacker sends the same malware in a packet, the security system checks for known signatures in the packets; if they are found, those packets are immediately dropped. To evade these types of detection systems, attackers employ various techniques to ensure no trace of longest common content is fingerprinted and used as a signature. One of the successful evasion techniques is deploying polymorphic malware into the victim's system. A malware which exhibits a different form after every infection is called a polymorphic malware. This malware changes its form after every infection, thereby the signature found by a security system initially would have changed. If a security system searches for the same signature, it would fail. For this reason, attackers frequently use polymorphic malware to intrude into a vulnerable system.

To thwart these types of malware, it is important to understand their structure. A typical polymorphic malware would contain an encrypted payload and a decryption routine. The encrypted payload contains the malicious instructions in an encrypted form; usually it looks like junk data. This encrypted payload is usually appended to a decryption module.

Once these types of malware are executed in the victim's system, control is given to a decryptor which decrypts the encrypted payload. The decrypted payload contains the malicious instructions. These are finally executed to compromise the vulnerable system.

Apart from encryption, there are many other techniques to deploy polymorphism; a few of them are:

• Garbage-code insertion is a technique where garbage instructions are inserted into a malware after every infection. For example, we can insert a lot of nop instructions after every infection, which makes it difficult for a security system to compare the two instances of the same malware.

• Instruction-substitution employs polymorphism by replacing a piece of code with an equivalent but different one.

• Code-transposition exhibits polymorphism by changing the execution order using jumps.

• Register-reassignment deploys polymorphism into a malware payload by simple reassignment of registers.

We have proposed an efficient machine learning algorithm using ANOVA F-test to end the menace of this malware. In addition, the features selected by ANOVA F-test are deployed into Snort IDS to build an effective defense system. Our method has achieved 97.7% accuracy.
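As an added illustration (not part of the original answer or the paper it summarizes), the following Python model walks through the signature process described above: a signature is derived as the longest common content of two captures and checked against packets, a toy polymorphic instance keyed differently per infection evades it, and two captures of the polymorphic variant share only a short decryptor stub that is too generic to deploy. The PAYLOAD bytes, the XOR transform standing in for the encryption, the "DEC" stub and MIN_SIGNATURE_LEN are constructed assumptions.

```python
"""Constructed demonstration of why longest-common-content signatures miss
polymorphic malware. All byte strings are dummies, not real malware."""
from difflib import SequenceMatcher

# Constructed stand-in for the malicious instructions (plain ASCII, not code).
PAYLOAD = b"EVIL:copy secrets;send to c2;erase logs"
MIN_SIGNATURE_LEN = 8  # assumed threshold below which a signature is too generic to deploy


def longest_common_content(a: bytes, b: bytes) -> bytes:
    """Signature generation as described above: the longest byte run shared by
    two captures of the same malware."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]


def packet_matches(packet: bytes, signature: bytes) -> bool:
    """Security-system check: a packet carrying a known signature would be dropped."""
    return len(signature) >= MIN_SIGNATURE_LEN and signature in packet


def xor_bytes(data: bytes, key: int) -> bytes:
    """Toy symmetric transform standing in for the payload encryption/decryption."""
    return bytes(b ^ key for b in data)


def static_instance(garbage: bytes) -> bytes:
    """Non-polymorphic malware: the payload bytes are identical in every infection."""
    return garbage + PAYLOAD


def polymorphic_instance(key: int, garbage: bytes) -> bytes:
    """Toy model of the structure above: garbage bytes, a short decryptor stub
    carrying the key, then the payload encrypted under that per-infection key."""
    return garbage + b"DEC" + bytes([key]) + xor_bytes(PAYLOAD, key)


def demo() -> dict:
    static_sig = longest_common_content(static_instance(b"\x90" * 4), static_instance(b"\x00\x00"))
    poly_a = polymorphic_instance(0x5A, b"\x90" * 4)
    poly_b = polymorphic_instance(0xA3, b"\x00\x00")
    poly_sig = longest_common_content(poly_a, poly_b)  # only the stub survives
    return {
        "static_signature": static_sig,  # the whole payload
        "static_detected": packet_matches(static_instance(b"\x90\x90"), static_sig),
        "poly_detected_by_static_sig": packet_matches(poly_a, static_sig),  # evades
        "poly_signature": poly_sig,
        "poly_signature_usable": len(poly_sig) >= MIN_SIGNATURE_LEN,
        # On the victim, the decryptor still recovers the original instructions.
        "payload_recovered": xor_bytes(poly_a[-len(PAYLOAD):], 0x5A) == PAYLOAD,
    }
```

Running `demo()` shows the static signature catching the static instance but not the polymorphic one, and the polymorphic captures yielding only the 3-byte stub as their common content.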
