# Hydras and IPFS: A Decentralised Playground for Malware

**Authors:** Constantinos Patsakis, Fran Casino

arXiv: 1905.11880 · 2020-01-27

## TL;DR

This paper introduces Resource Identifier Generation Algorithms, which extend Domain Generation Algorithms (DGAs) beyond DNS to other protocols such as IPFS. It shows how a botmaster could use decentralized storage for bot management and communication, and validates the findings experimentally.

## Contribution

It presents a novel extension of DGA mechanisms to IPFS and other protocols, demonstrating how malware can exploit decentralized storage for covert operations.

## Key findings

- IPFS can be exploited for malware bot management.
- The proposed algorithms are effective in experimental scenarios.
- The approach is extensible to other distributed storage services.

## Abstract

Modern malware can take various forms, and has reached a very high level of sophistication in terms of its penetration, persistence, communication and hiding capabilities. The use of cryptography, and of covert communication channels over public and widely used protocols and services, is becoming a norm. In this work, we start by introducing Resource Identifier Generation Algorithms. These are an extension of a well-known mechanism called Domain Generation Algorithms (DGA), which are frequently employed by cybercriminals for bot management and communication. Our extension allows, beyond DNS, the use of other protocols. More concretely, we showcase the exploitation of the InterPlanetary File System (IPFS). This is a solution for the "permanent web", which enjoys a steadily growing community interest and adoption. The IPFS is, in addition, one of the most prominent solutions for blockchain storage. We go beyond the straightforward case of using the IPFS for hosting malicious content, and explore ways in which a botmaster could employ it, to manage her bots, validating our findings experimentally. Finally, we discuss the advantages of our approach for malware authors, its efficacy and highlight its extensibility for other distributed storage services.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.11880/full.md

## Figures

4 figures with captions in the complete paper: https://tomesphere.com/paper/1905.11880/full.md

## References

44 references — full list in the complete paper: https://tomesphere.com/paper/1905.11880/full.md

---
Source: https://tomesphere.com/paper/1905.11880