A Design for a Secure Malware Laboratory

  • Xavier Riofrío
  • Fernando Salinas-Herrera
  • David Galindo
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1099)

Abstract

The teaching of malicious software is based on theory; consequently, students do not gain real practical experience. Therefore, when they confront a rising incidence in the real world, their response is usually neither timely nor valuable enough. A practical focus provides a different understanding of the problem, because the student will be able to recognise suspicious behaviour. This paper proposes the design of an entire platform for experimenting with malware-related topics in a controlled and safe environment. The strategy presented is a virtual machine that integrates tools including Metasploit Framework, vulnerable systems, and software scanners. In addition, a web tutorial is available for user orientation; it incorporates additional exclusive components for Metasploit and a tutorial on developing them.

Keywords

Malware, Metasploit, Course, Practice, Virus

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Xavier Riofrío (1, 2)
  • Fernando Salinas-Herrera (1)
  • David Galindo (1)

  1. University of Birmingham, Birmingham, UK
  2. School of Computer Science, Universidad de Cuenca, Cuenca, Ecuador