Encryption and Re-Randomization Techniques for Malware Propagation

Encryption, which is essential for the protection of sensitive information can also transform any malicious content to illegible form, which can then reside in any network, undetected. Encryption of malicious payload is used by malware authors to mask their code, however, the objective of hiding the malicious code can be further improved by techniques of re-randomization. The concept of re-randomization using asymmetric cryptography has been emerged as a new area of interest for malware designers. Re-randomizing is a technique which can prevent detection of source path of a malware and makes it indistinguishable. This article extends the idea of using asymmetric cryptography for re-randomization and has proposed a novel scheme using Pailliar’s asymmetric cryptosystem. Moreover, this research work illustrates the limitations of RSA for malware re-randomization. A comprehensive performance analysis of the re-randomization techniques for various malware payloads is also presented, which can be used for the detection of re-randomized malware effectively.