The Use of Psychology and Software Design to
Disguise Malware
Brian Horch
October 30, 2019
123 Sesame Street
(555) 123-4567
fakeemail@fake.edu
Summary
This study aims to understand the psychology behind how trojan horse-style malware
disguises itself. It will do so through an analysis of the malware itself and a study where
people attempt to identify a certain piece of software or website as a potential trojan
horse. Both of these tasks combined will require ten weeks to complete and will require
only my participation over the duration of them. Since I specialize within the field of
software development through courses such as Introduction to Software Engineering
and Mechanics of Programming, I am capable of understanding how benign software
behaves and then comparing it to the behavior of trojan horses.
Introduction
This interdisciplinary study aims to identify the psychological methods that trojan
horses use to disguise themselves. Trojan horses can be identified by either people or
anti-malware software. Since there has been much research done by developers of
anti-malware software on how to identify trojan horses with their products, the study
will instead focus on how trojan horses deceive people. By focusing on this aspect, the
study will seek to create a list of potential traits that distinguish a trojan horse from a
piece of benign software.
To do this I shall first analyze as many samples of trojan horses as possible, alongside
similar-appearing benign software, to find the common differences between them.
After I have compiled a list, I will then pick and create examples of trojan-benign pairs
that emphasize a specific difference. Then I will create a sub-study where people will be
tasked with determining whether a piece of software is either a trojan horse or simply
benign. By using this data, along with the previously compiled list, I can create
educational materials to help people guard against trojan horse software.
The idea for this study came about by comparing trojan horses to false advertising. The
two are similar in that they make their best efforts to appear genuine until it is too late.
There has been much research into how false advertising works psychologically and
how to avoid it, but very little into similar concepts with respect to trojan horses.
Therefore, I will be able to contribute to the prevention of malware attacks by doing
this study. On a more personal note, this study will grant me insight into the human
side of the field of computer security that will supplement my previous coursework
within the field of software development.
Methodology
The study itself will be split into two distinct parts. The first part is analyzing trojan
horses. The analysis will be done in three distinct manners. The first is studying the
source of the malware. This would entail scrutinizing websites that host the malware,
phishing emails with links to said malware, and other means of transmission. The other
two forms of analysis will be analyzing the software’s behavior from both human and
code perspectives. The analysis of the software’s code will be kept to a minimum since
it will only serve to contextualize the other two forms of analysis. The analyses of the
software’s source and outward behavior will be done in comparison to benign software
that has functionality similar to what the malware is trying to imitate. In
addition, special attention will be given to any psychological techniques that are used
by the trojan horse to appear less suspicious or more desirable than the benign
counterpart.
In order to perform these analyses, I will utilize both low-cost and specialized
computer hardware. The low-cost hardware will be used to analyze the sources of the
malware. The reason that more advanced hardware will not be used is to mitigate risk.
There is little risk if a $20 computer with no personal information or unnecessary
software is compromised. However, I will still take precautions to prevent infections.
For the direct analysis of the malware (both the code and human aspects), I will use
laboratory-grade hardware to prevent the malware from doing any harm while
simulating a normal computer.
The second part of this study is a more traditional psychological study where
participants will be asked to try and identify whether or not websites contain malware
and if a given piece of software is a trojan horse. Participants will be found through
advertising on campus. Each participant will be given a series of websites and pieces of
software, where both the contents and the order in which they are displayed will be
determined randomly. The sample websites and software will be creations based on the
prior analyses and sanitized examples that embody one method of deception or a
specific combination of multiple. The participant will only be told the correctness of
their choices after they have completed the entire study. The results will then be
analyzed to see which of the observed methodologies are effective and will inform the
overall results and conclusions of the study.
Materials
To begin with I will need samples of trojan horses. These will simply be found online
and through public record.
For the analysis portion of the study I will need a fresh, disposable computer and a
laboratory capable of simulating a nondescript internet-connected computer while
having said computer be isolated. The former is fairly easy to obtain; something akin to
a Raspberry Pi with a free and lightweight distribution of Linux will suffice. For the latter
however, I will need to use university resources. In addition I will also need to
supplement university hardware with specialized hardware that allows for me to
simulate an internet connection and other parameters to fool the malware into acting
as if it were on a normal computer. In addition I will need professional grade analysis
tools to analyze the malware’s code as it is running in real time as well as to sterilize the
malware for the second portion.
For the second portion I will need access to a computer lab and participants. I will also
need sample malware and sources to show to the participants. Those will either be
sterilized versions of acquired samples or creations of my own design. I will also need
some form of compensation for the participants within the study.
Schedule of Work
The schedule will be as follows:
Week 1: Acquire samples of trojan horses and the necessary hardware
Weeks 2 and 3: Begin analysis of malware with respect to the benign software
Week 4: Finish analysis of malware and compile a list of methodologies. Begin
advertising for study
Week 5: Meet with advisor to go over analysis results and begin preparing examples
for the study
Week 6: Continue preparing examples for the study
Week 7: Host the study and meet with advisor to go over initial results
Weeks 8 and 9: Compile results and begin working on reports and sample
educational materials
Week 10: Finish formal report and create presentation of results
Budget
The budget will be as follows:
● $250 Comparison study compensation
● $1,250 Software/Lab use
● $2,000 Additional specialty computer hardware (i.e. Internet connection simulator)
● $8,000 Compensation
● $500 Set aside for unforeseen expenses
Biographical Background
Dr. Based on a Real Person
Dr. Based on a Real Person is currently a faculty member at Rochester Institute of
Technology. They have an interest and specialization within the fields of human
interaction within complex systems and decision-making while under time pressure.
They currently serve as an associate professor within the Department of Psychology
and as an Affiliate of the Center for Cybersecurity. They have created numerous
publications, many of which are conference proceedings within the Human Factors and
Ergonomics Society, including one recently accepted for publication analyzing data
science from a more human perspective. With their background in both psychological
and technical fields, Dr. Person is uniquely qualified to advise this project.
Brian Horch
I am currently a second-year student at Rochester Institute of Technology. I am
majoring in computer science and plan to minor in mathematics, and I plan to graduate
in December 2022. Through my coursework within computer science, such as the
classes Mechanics of Programming and Introduction to Software Engineering, I have
found that it is very easy to create software that is opaque and hard for a user to
comprehend. This has led me to take an interest in two fields, making software easier to
use for the average person and how people utilize this for malicious purposes. As such,
being able to do this project will allow me to benefit both of the aforementioned fields.
Conclusion
With this study, I aim to help prevent cyberattacks that could otherwise cause people’s
personal data to be compromised or have even worse outcomes. Without funding, this
study would be nearly impossible to do. I cannot guarantee that any analysis of malware
will be safe without specialized hardware and software, both of which require funding.
In addition, the study will result in the direct creation of educational materials to help
inform people about warning signs. This creates a direct, positive impact without the
need for additional work. Therefore, this study should be funded for the sake of
improving the field of cybersecurity as a whole.