Abstract

Behavioral malware detection is based on attributing malicious actions to processes. Malicious processes may try to hide by changing the behavior of other benign processes to achieve their goals. We showcase how Component Object Model (COM) and Windows Management Instrumentation (WMI) can be used to create such spoofing attacks. We discuss the internals of COM and WMI and Asynchronous Local Procedure Call (ALPC). We present multiple functional monitoring techniques to identify the spoofing and discuss the strong and weak points of each technique. We create a robust process monitoring system that can correctly identify the source of malicious actions spoofed via COM, WMI and ALPC with a low performance impact. Finally, we discuss how malicious actors use COM, WMI and ALPC by examining real-world malware detected by our monitoring system.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Guideline for Design of Cost Efficient and Robust Sensor Based Environmental Monitoring Systems
Tone Frost ... Anders Hermansen
-
Tone Frost, et. al.Tone Frost ... Anders Hermansen
11 Apr 2016
Chapter 3 - Behavioral malware detection and classification using deep learning approaches
T Poongodi ... P Suresh
Applications of Computational Intelligence in Multi-Disciplinary Research | VOL. -
T Poongodi, et. al.T Poongodi ... P Suresh
01 Jan 2021
An Approach to Detect Fileless Malware and Defend its Evasive mechanisms
B.N Sanjay ... R.B Akash
-
B.N Sanjay, et. al.B.N Sanjay ... R.B Akash
01 Dec 2018
Development of a machine learning based fileless malware filter system for cyber-security
Umaru C Obini ... Chukwu Jeremiah
Journal of the Nigerian Society of Physical Sciences | VOL. -
Umaru C Obini, et. al.Umaru C Obini ... Chukwu Jeremiah
29 Sep 2024
View more papers

More From: Sensors (Basel, Switzerland)

Paper Title
Journal
Date
Author
Experimental and Numerical Studies of the Temperature Field in a Dielectrophoretic Cell Separation Device Subject to Joule Heating.
Yoshinori Seki ... Shigeru Tada
Sensors (Basel, Switzerland) | VOL. 24
Yoshinori Seki, et. al.Yoshinori Seki ... Shigeru Tada
04 Nov 2024
Lower Limb Motion Recognition Based on sEMG and CNN-TL Fusion Model.
Zhiwei Zhou ... Bowen Li
Sensors (Basel, Switzerland) | VOL. 24
Zhiwei Zhou, et. al.Zhiwei Zhou ... Bowen Li
04 Nov 2024
A Review of Visual Estimation Research on Live Pig Weight.
Zhaoyang Wang ... Xuwen Li
Sensors (Basel, Switzerland) | VOL. 24
Zhaoyang Wang, et. al.Zhaoyang Wang ... Xuwen Li
04 Nov 2024
Evaluating Alternative Registration Planes in Imageless, Computer-Assisted Navigation Systems for Direct Anterior Total Hip Arthroplasty.
John E Farey ... William L Walter
Sensors (Basel, Switzerland) | VOL. 24
John E Farey, et. al.John E Farey ... William L Walter
04 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.