Zhaoshun Wang

Work place: University of Science and Technology Beijing/Computer Science and Technology, Beijing, 100083, China

E-mail: zhswang@sohu.com


Research Interests: Software Engineering, Computer systems and computational processes, Systems Architecture, Information Security


Zhaoshun Wang is a Professor and the Associate Head of the Department of Computer Science and Technology at the University of Science and Technology Beijing. He graduated from the Department of Mathematics at Beijing Normal University in 1993. He received his PhD from Beijing University of Science and Technology in 2002. He completed postdoctoral research work at the Graduate School of the Chinese Academy of Sciences in 2006. He holds patents and has many awards to his name. His main research areas include Information Security, Computer Architecture and Software Engineering.

Author Articles
Towards Data Resilience: The Analytical Case of Crypto Ransomware Data Recovery Techniques

By Aaron Zimba, Zhaoshun Wang, Luckson Simukonda

DOI: https://doi.org/10.5815/ijitcs.2018.01.05, Pub. Date: 8 Jan. 2018

Crypto ransomware has earned an infamous reputation in the malware landscape, and its name alone sends shivers through many despite its being a new entrant. The media has not helped matters, even as the myths and inaccuracies surrounding crypto ransomware continue to deepen. It has been purported that once crypto ransomware attacks, the victim is left with no option but to pay in order to retrieve the encrypted data, and even that without a guarantee, or else risk losing the data forever. Security researchers are inadvertently thrown into a cat-and-mouse chase to catch up with the latest tricks of the aforesaid in order to provide data resilience. In this paper, we debunk the myths surrounding loss of data via a crypto ransomware attack. Using a variety of crypto ransomware samples, we employ reverse engineering and dynamic analysis to evaluate the underlying attack structures and data deletion techniques employed by the ransomware. Further, we expose the data deletion techniques used by ransomware to prevent data recovery and suggest how these could be countered. From the results, we further present observed sandbox evasion techniques employed by ransomware against both static and dynamic analysis in an effort to obfuscate its operations and subsequently prevent data recovery. Our analyses have led us to the conclusion that no matter how devastating a crypto ransomware attack might appear, the key to data recovery options lies in the underlying attack structure and the implemented data deletion methodology.

Malware-Free Intrusions: Exploitation of Built-in Pre-Authentication Services for APT Attack Vectors

By Aaron Zimba, Zhaoshun Wang

DOI: https://doi.org/10.5815/ijcnis.2017.07.01, Pub. Date: 8 Jul. 2017

Advanced Persistent Threat (APT) actors seek to maintain an undetected presence over a considerable duration and therefore use a myriad of techniques to achieve this requirement. This stealthy presence might be sought on the targeted victim or on one of the victims used as pawns for further attacks. However, most of the techniques involve some malicious software leveraging the vulnerability induced by an exploit or leveraging the ignorance of the benign user. But then, malware generates a substantial amount of noise in the form of suspicious network traffic or unusual system calls, which usually do not go undetected by intrusion detection systems. Therefore, an attack vector that generates as little noise as possible, or none at all, is especially attractive to APT threat actors, as this perfectly suits their objective. Malware-free intrusions present such attack vectors and are indeed difficult to detect because they mimic the behavior of normal applications and add no extra code for signature detection or anomaly-based behavioral detection. This paper explores malware-free intrusions via backdoors created by leveraging the system tools that are available at pre-authentication to the common user. We explore two attack vectors used to implant the backdoor and demonstrate how such a backdoor is accessible over the network via remote access while providing the highest level of system access. We further look at prevention, detection and mitigation measures which can be implemented in the case of compromise.
