Alternate Data Stream Attack Framework to Perform Stealth Attacks on Active Directory Hosts

Akashdeep Bhardwaj, Keshav Kaushik, Mashael S. Maashi, Mohammed Aljebreen and Salil Bharany
Additional contact information
Akashdeep Bhardwaj: School of Computer Science, University of Petroleum and Energy Studies, Dehradun 248007, India
Keshav Kaushik: School of Computer Science, University of Petroleum and Energy Studies, Dehradun 248007, India
Mashael S. Maashi: Software Engineering Department, College of Computer and Information Sciences, King Saud University, Riyadh 11451, Saudi Arabia
Mohammed Aljebreen: Department of Computer Science, Community College, King Saud University, Riyadh 11437, Saudi Arabia
Salil Bharany: Department of Computer Engineering & Technology, Guru Nanak Dev University, Amritsar 143005, India

Sustainability, 2022, vol. 14, issue 19, 1-19

Abstract: Microsoft’s file system, NTFS, is the most utilised file system by Windows OS versions XP, Vista, 7, and 10. These systems have a little-known file attribute feature known as alternate data streams (ADS), which allows each file in the NTFS file system to have multiple data streams. ADS cannot be removed from the NTFS operating systems. However, the presence of ADS is not inevitably an issue in the OS or file system. Valid instances can be found on systems if scanned and might be valid. Windows OS does not have any in-built tools or applications to determine and remove the presence of existing ADS. This research presents ADSA, or the alternate data stream attack framework, to exploit the alternate data streams and perform cyberattacks on Microsoft operating systems. This research discusses the process of creating and searching alternate data streams with a standard file and an executable binary. The authors executed an ADS-hidden executable binary in the ADS. The authors present methods to detect and perform a clean-up by deleting the alternate data stream.

Keywords: alternate data streams; ADS; data hide; hidden malware; living-off-the-land; LOTL
JEL-codes: O13 Q Q0 Q2 Q3 Q5 Q56
Date: 2022

Downloads: (external link)
https://www.mdpi.com/2071-1050/14/19/12288/pdf (application/pdf)
https://www.mdpi.com/2071-1050/14/19/12288/ (text/html)

Persistent link: https://EconPapers.repec.org/RePEc:gam:jsusta:v:14:y:2022:i:19:p:12288-:d:927128

Sustainability is currently edited by Ms. Alexandra Wu

Bibliographic data for series maintained by MDPI Indexing Manager.

 
Page updated 2025-03-19
Handle: RePEc:gam:jsusta:v:14:y:2022:i:19:p:12288-:d:927128