Proposal for an information-hiding model in executable files
DOI:
https://doi.org/10.54939/1859-1043.j.mst.CSCE8.2024.98-107
Keywords:
Information hiding; Computer security; Executable code attachment model.
Abstract
In this paper, the authors propose a model for hiding information in executable files in a 64-bit Windows environment by embedding data into the empty spaces between sections of the executable file. Embedding the information does not increase the file size, does not affect the execution of the original file, and avoids false positives from antivirus programs. The hiding method is based on an analysis of the file structure, the mechanism for concealing malicious code in the last section of an executable file, and the mechanism for loading files into executable memory. To enhance the security of the hidden information, the data should be encrypted before embedding.
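A defender's check for the hiding place the abstract describes, added here as an example and not taken from the paper: it walks the PE section table and reports sections whose on-disk alignment padding (the bytes between VirtualSize and SizeOfRawData) is not all zero. It assumes that linkers normally zero-fill this padding; the function names and the sample file built by `build_sample` are constructed for illustration.

```python
import struct

def section_slack(pe: bytes):
    """Yield (name, file_offset, padding_bytes) for every section's on-disk padding."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    for i in range(n_sections):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        if raw_ptr == 0 or vsize == 0 or vsize >= raw_size:
            continue  # nothing on disk beyond the section's used bytes
        start, end = raw_ptr + vsize, raw_ptr + raw_size
        yield name.rstrip(b"\0").decode("ascii", "replace"), start, pe[start:end]

def suspicious_slack(pe: bytes):
    """Return (section, offset, padding_len, nonzero_count) where padding is not all zero."""
    findings = []
    for name, offset, pad in section_slack(pe):
        nonzero = len(pad) - pad.count(0)
        if nonzero:
            findings.append((name, offset, len(pad), nonzero))
    return findings

def build_sample(extra: bytes = b"") -> bytes:
    """Constructed test input: PE32+ headers and one .text section, not a real program."""
    align, vsize = 0x200, 0x30
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0, 0x22)
    opt = struct.pack("<H", 0x20B).ljust(0xF0, b"\0")
    sec = struct.pack("<8sIIIIIIHHI", b".text", vsize, 0x1000, align, align,
                      0, 0, 0, 0, 0x60000020)
    head = (dos + b"PE\0\0" + coff + opt + sec).ljust(align, b"\0")
    return head + (b"\x90" * vsize + extra).ljust(align, b"\0")

if __name__ == "__main__":
    for label, sample in (("clean", build_sample()),
                          ("altered", build_sample(b"\x8f\x11\xa7\x3c" * 4))):
        print(label, suspicious_slack(sample))
```

A hit is a triage lead rather than proof, since other tools can also leave non-zero bytes in this padding. Because the file size does not change, comparing the file against a known-good hash of the original remains the stronger check.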