{"id":"https://openalex.org/W4411014724","doi":"https://doi.org/10.1145/3714393.3726496","title":"CryptMove: Moving Stealthily through Legitimate and Encrypted Communication Channels","display_name":"CryptMove: Moving Stealthily through Legitimate and Encrypted Communication Channels","publication_year":2024,"publication_date":"2024-06-19","ids":{"openalex":"https://openalex.org/W4411014724","doi":"https://doi.org/10.1145/3714393.3726496"},"language":"en","primary_location":{"id":"doi:10.1145/3714393.3726496","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3714393.3726496","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3714393.3726496","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3714393.3726496","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100552032","display_name":"Md Rabbi Alam","orcid":"https://orcid.org/0009-0009-8463-3449"},"institutions":[{"id":"https://openalex.org/I102149020","display_name":"University of North Carolina at Charlotte","ror":"https://ror.org/04dawnj30","country_code":"US","type":"education","lineage":["https://openalex.org/I102149020"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Md Rabbi Alam","raw_affiliation_strings":["University of North Carolina at Charlotte, Charlotte, NC, USA"],"raw_orcid":"https://orcid.org/0009-0009-8463-3449","affiliations":[{"raw_affiliation_string":"University of North Carolina at Charlotte, Charlotte, NC, USA","institution_ids":["https://openalex.org/I102149020"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051564807","display_name":"Jinpeng Wei","orcid":"https://orcid.org/0000-0002-6982-7386"},"institutions":[{"id":"https://openalex.org/I102149020","display_name":"University of North Carolina at Charlotte","ror":"https://ror.org/04dawnj30","country_code":"US","type":"education","lineage":["https://openalex.org/I102149020"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jinpeng Wei","raw_affiliation_strings":["University of North Carolina at Charlotte, Charlotte, NC, USA"],"raw_orcid":"https://orcid.org/0000-0002-6982-7386","affiliations":[{"raw_affiliation_string":"University of North Carolina at Charlotte, Charlotte, NC, USA","institution_ids":["https://openalex.org/I102149020"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100776173","display_name":"Qingyang Wang","orcid":"https://orcid.org/0000-0002-5729-2898"},"institutions":[{"id":"https://openalex.org/I121820613","display_name":"Louisiana State University","ror":"https://ror.org/05ect4e57","country_code":"US","type":"education","lineage":["https://openalex.org/I121820613"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Qingyang Wang","raw_affiliation_strings":["Louisiana State University, Baton Rouge, LA, USA"],"raw_orcid":"https://orcid.org/0000-0002-5729-2898","affiliations":[{"raw_affiliation_string":"Louisiana State University, Baton Rouge, LA, USA","institution_ids":["https://openalex.org/I121820613"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5100552032"],"corresponding_institution_ids":["https://openalex.org/I102149020"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.26960801,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"359","last_page":"370"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5783493518829346},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5670356750488281},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35547441244125366}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5783493518829346},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5670356750488281},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35547441244125366}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3714393.3726496","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3714393.3726496","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3714393.3726496","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3714393.3726496","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3714393.3726496","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3714393.3726496","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/10","score":0.44999998807907104,"display_name":"Reduced inequalities"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320333028","display_name":"University of North Carolina at Charlotte","ror":"https://ror.org/04dawnj30"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4411014724.pdf","grobid_xml":"https://content.openalex.org/works/W4411014724.grobid-xml"},"referenced_works_count":29,"referenced_works":["https://openalex.org/W125046873","https://openalex.org/W126407768","https://openalex.org/W191489030","https://openalex.org/W1955645522","https://openalex.org/W2065995359","https://openalex.org/W2103227860","https://openalex.org/W2158934842","https://openalex.org/W2262479410","https://openalex.org/W2294935184","https://openalex.org/W2295441334","https://openalex.org/W2350778671","https://openalex.org/W2398729674","https://openalex.org/W2399247437","https://openalex.org/W2514974017","https://openalex.org/W2765664114","https://openalex.org/W2767896960","https://openalex.org/W2986944522","https://openalex.org/W3015650867","https://openalex.org/W3046121809","https://openalex.org/W3048692563","https://openalex.org/W3084397815","https://openalex.org/W3091828316","https://openalex.org/W3153698034","https://openalex.org/W3171213563","https://openalex.org/W4247903245","https://openalex.org/W4372261670","https://openalex.org/W4402263645","https://openalex.org/W6692854719","https://openalex.org/W6799285252"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"To":[0,170],"move":[1],"laterally":[2],"inside":[3],"an":[4],"enterprise":[5],"environment,":[6],"Advanced":[7],"Persistent":[8],"Threat":[9],"(APT)":[10],"attacks":[11,23],"have":[12,29],"used":[13,99],"multiple":[14],"techniques.":[15],"Due":[16],"to":[17,92,104,139,155,159],"the":[18,22,25,34,62,86,89,94,101,114,126,131,134,140,148,161,172,206],"arms":[19],"race":[20],"between":[21],"and":[24,77,117,184,195,216,219],"defenses,":[26],"such":[27],"techniques":[28],"evolved":[30],"over":[31],"time,":[32],"with":[33],"latest":[35],"one":[36],"capable":[37],"of":[38,88,133,147,167,174],"reusing":[39],"existing":[40,76],"network":[41],"connections":[42,58],"for":[43,80],"stealthy":[44],"lateral":[45,81],"movement.":[46,82],"However,":[47],"this":[48,65],"technique":[49,72],"has":[50],"limited":[51],"impact":[52],"because":[53],"it":[54,107],"cannot":[55],"reuse":[56],"encrypted":[57,78,119,127],"that":[59,73,97,186,205],"are":[60],"becoming":[61],"norm.":[63],"In":[64],"paper,":[66],"we":[67,176],"present":[68],"CryptMove,":[69,175],"a":[70,157,165],"novel":[71],"can":[74],"abuse":[75],"channels":[79],"CryptMove":[83,143,207],"secretly":[84,109],"accesses":[85],"memory":[87,168],"target":[90,102,115,141,149],"process":[91,103,116],"duplicate":[93],"security":[95,135,162],"context":[96,136,163],"is":[98,137,209],"by":[100,113,212],"perform":[105],"encryption/decryption;":[106],"also":[108,203],"duplicates":[110],"sockets":[111,124],"owned":[112],"injects":[118],"malicious":[120],"commands":[121],"through":[122],"these":[123],"into":[125],"communication":[128],"channels.":[129],"Since":[130],"location":[132],"specific":[138],"application,":[142],"employs":[144],"automated":[145],"analysis":[146],"application's":[150],"binary":[151],"code,":[152],"in":[153],"order":[154],"learn":[156],"path":[158],"reach":[160],"via":[164],"sequence":[166],"accesses.":[169],"demonstrate":[171],"feasibility":[173],"built":[177],"PoC":[178,208],"attack":[179],"tools":[180],"(on":[181],"both":[182],"Windows":[183],"Linux)":[185],"successfully":[187],"attacked":[188],"popular":[189,214],"applications":[190],"(e.g.,":[191],"OpenSSH,":[192],"PuTTY,":[193],"WinSCP":[194],"WinRM)":[196],"under":[197],"63":[198],"different":[199],"cipher-protocol":[200],"combinations.":[201],"We":[202],"confirmed":[204],"not":[210],"detectable":[211],"several":[213],"Antivirus":[215],"Endpoint":[217],"Detection":[218],"Response":[220],"systems.":[221]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}