Result: A Proposed Method for Obfuscation of Malicious Traffic in a Compromised Network Using a Wireshark Simulator.
More information
The importance of information security has become very critical in the era of digital transformation, especially as encryption processes become more complex, and thus, in return, there is a stronger willingness on the part of saboteurs to penetrate them. This paper presents an obfuscation method to hide traffic and simulate stealth penetration of computer networks by creating a dropper to execute client instructions directly in memory to avoid static anti-virus analysis when the server code sends encrypted shell commands to the client code (in the victim machine), which will execute the shell command and encrypt the output, before sending it back to the attacker's server code. The Advanced Encryption Standard (AES) encryption algorithm has been used due to its strength and durability, and it is not easy to decrypt, especially with the activation of the Cipher Block Chaining (CBC) and choosing a random initiation vector value. The Wireshark latest version simulation program has been used for monitoring traffic by applying the proposed method model, which has been developed using the Python language. The results have demonstrated the effectiveness of the possibility of using it in computer network security operations. [ABSTRACT FROM AUTHOR]
Copyright of International Review on Modelling & Simulations is the property of Praise Worthy Prize S.r.L. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)