Cited By
View all- Nasereddin MAl-Qassas R(2024)A new approach for detecting process injection attacks using memory analysisInternational Journal of Information Security10.1007/s10207-024-00836-w23:3(2099-2121)Online publication date: 1-Jun-2024
Detecting PE infection-based malware
Pages 191 - 199
Abstract
Organisations have employed multiple layers of defence mechanisms, while numerous attacks still take place every day. Malware is a major vehicle to perform attacks such as stealing confidential information, disrupting services, or sabotaging industrial systems. Attackers customise malware by advanced attack techniques, such as portable executable (PE) infection or dynamic link library (DLL) injection which inserts a malicious DLL to a benign program, to subvert defence systems. Advanced persistent threat (APT) attacks had intruded and not been discovered in high profile organisations; they are seeking for a solution to identify the malware. The behaviour of DLL injection sometimes occurs during execution; static analysis might not be able to capture it. To improve the detection performance, this study proposes a hybrid approach combining static and dynamic analysis to detect malware. The experimental results show that the proposed approach could detect malware efficiently and could flag unknown malware before the commercial anti-virus software.
Index Terms
- Detecting PE infection-based malware
Index terms have been assigned to the content through auto-classification.
Recommendations
A survey of strategy-driven evasion methods for PE malware: Transformation, concealment, and attack
AbstractThe continuous proliferation of malware poses a formidable threat to the cyberspace landscape. Researchers have proffered a multitude of sophisticated defense mechanisms aimed at its detection and mitigation. Nevertheless, malware writers ...
Highlights- This work proposes a unified framework of PE malware evasion methods.
- We show how the malware writers can combine all evasion strategies together.
- We study the future outlook of malware evasion techniques.
- We outline the ...
Malware detection using adaptive data compression
AISec '08: Proceedings of the 1st ACM workshop on Workshop on AISecA popular approach in current commercial anti-malware software detects malicious programs by searching in the code of programs for scan strings that are byte sequences indicative of malicious code. The scan strings, also known as the signatures of ...
Malware Detection Method Focusing on Anti-debugging Functions
CANDAR '14: Proceedings of the 2014 Second International Symposium on Computing and NetworkingMalware has received much attention in recent years. Antivirus software is widely used as a countermeasure against malware. However, some kinds of malware can evade detection by antivirus software, hence, a new detection method is required. In this ...
Comments
Information & Contributors
Information
Published In
Copyright © 2021 Inderscience Enterprises Ltd.
Publisher
Inderscience Publishers
Geneva 15, Switzerland
Publication History
Published: 01 January 2021
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 30 Aug 2024
Other Metrics
Citations
Cited By
View all- Nasereddin MAl-Qassas R(2024)A new approach for detecting process injection attacks using memory analysisInternational Journal of Information Security10.1007/s10207-024-00836-w23:3(2099-2121)Online publication date: 1-Jun-2024
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in