Analysis and Detection of DMA Malware for Peripheral Devices
Abhinav Kharbanda¹, Meena Kumari²

¹ Abhinav Kharbanda, Student, Department of Computer Science, The North Cap University, Gurgaon, Haryana, India.
² Dr. Meena Kumari, Professor, Department of Computer Science, The North Cap University, Gurgaon, Haryana, India.
Manuscript received on 16 November 2015 | Revised Manuscript received on 28 November 2015 | Manuscript Published on 30 November 2015 | PP: 28-33 | Volume-5 Issue-6, November 2015 | Retrieval Number: J22770351016/2015©BEIESP
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract: Malware, or malicious code aimed at exploiting information systems, is continuously evolving at a pace that makes it exacting to counter. As the complexity of information systems and encryption techniques increases exponentially, the malware developed to exploit the loopholes in them also becomes difficult to detect and comprehend. This research paper analyzes various innovative approaches to developing malware that can bypass existing countermeasures to snoop on and modify information present in a system's primary memory (RAM) via Direct Memory Access (DMA). It describes exploits using DMA that easily conceal themselves from various end-user security mechanisms by executing their code on the processor and memory of the peripheral. Peripherals infected with DMA malware, if introduced into any one system, can spread it across numerous interconnected network systems in a data center, and hence have devastating potential. The approach of exploiting systems through peripherals becomes pertinent because of the ability of DMA malware to affect numerous users without being detected and the inadequacy of present countermeasures. The paper concludes by describing the major threats to information systems from malware installed on peripheral devices, which executes stealthily and harnesses the advantages of a separate execution environment, a seemingly innocuous appearance, and DMA to the host's primary memory.
Keywords: DMA malware, Direct Memory Access (DMA), Graphics processing unit (GPU), Malware, NIC, Peripherals, Rootkit

Scope of the Article: Direct Memory Access