مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources


Title

A Solution for Early Detection and Negation of Code and DLL Injection Attacks of Malwares

Pages

393-406

Abstract

Malware has grown drastically in recent years, and the behavior of newly produced malware is becoming more complex and shrewd. This paper presents malware detection methods and focuses especially on code and DLL injection attacks. Novel malware tries to obfuscate and hide its behavior by injecting malicious code into the allocated memory and binary files of trusted applications. By data mining a massive volume of malware samples, the proposed method derives chains of API calls through a logger hook installed in the kernel space of the operating system, in order to model the malicious behavior of code/DLL injection with a linear regression function. The proposed method uses association-rule machine learning based on the Apriori algorithm for early detection of attacks and is able to prevent completion of the attack by blocking remote thread creation. Finally, the accuracy of the proposed method is evaluated using a dataset from valid references, and the results are compared with available antivirus tools under the same conditions. Results of the evaluation indicate that the proposed method can recognize code/DLL injection attacks with an accuracy of about 94%. Moreover, the success coefficient of the proposed self-defense system is evaluated at 88.88% against real code/DLL injection attacks.
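The early-detection step the abstract describes, shown as an added example that is not the paper's own code: a small Apriori miner over constructed per-process API-call sets (the API names, rows, thresholds and the `label:` items are assumptions) derives rules of the form X → malicious, and a decision function denies remote thread creation once the partial chain logged so far already satisfies a high-confidence rule.

```python
from itertools import combinations

# Constructed sample data (an assumption, not the paper's dataset): each row is the set of
# API calls logged for one process, with its label added as an item so Apriori mines class rules.
MALICIOUS, BENIGN = "label:malicious", "label:benign"
TRANSACTIONS = [frozenset(t) for t in [
    {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", MALICIOUS},
    {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", MALICIOUS},
    {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread", "LoadLibraryA", MALICIOUS},
    {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", MALICIOUS},
    {"OpenProcess", "ReadProcessMemory", "CloseHandle", BENIGN},
    {"CreateFileW", "ReadFile", "CloseHandle", BENIGN},
    {"VirtualAlloc", "LoadLibraryA", "GetProcAddress", BENIGN},
    {"OpenProcess", "VirtualAllocEx", "CloseHandle", BENIGN},
    {"OpenProcess", "WriteProcessMemory", "ReadProcessMemory", "CloseHandle", BENIGN},  # debugger-like
]]

def support(itemset, transactions):
    return sum(itemset <= t for t in transactions) / len(transactions)

def apriori(transactions, min_support):
    """Level-wise Apriori: size-(k+1) candidates are joins of frequent k-itemsets,
    kept only if every k-subset is frequent and the candidate meets min_support."""
    frequent = {}
    level = {frozenset([i]) for t in transactions for i in t}
    level = {s for s in level if support(s, transactions) >= min_support}
    while level:
        frequent.update((s, support(s, transactions)) for s in level)
        cands = {a | b for a in level for b in level if len(a | b) == len(a) + 1}
        level = {c for c in cands
                 if all(frozenset(sub) in frequent for sub in combinations(c, len(c) - 1))
                 and support(c, transactions) >= min_support}
    return frequent

def class_rules(frequent, target, min_conf):
    """Association rules X -> target, confidence = sup(X ∪ {target}) / sup(X)."""
    rules = {}
    for s, sup in frequent.items():
        if target in s and len(s) > 1:
            ante = s - {target}
            if sup / frequent[ante] >= min_conf:
                rules[ante] = sup / frequent[ante]
    return rules

RULES = class_rules(apriori(TRANSACTIONS, min_support=0.2), MALICIOUS, min_conf=0.9)

def should_block(observed_calls, rules=RULES):
    """Early detection: if the partial call chain logged so far already satisfies a
    high-confidence rule, deny the remote-thread creation that would complete it."""
    return any(ante <= frozenset(observed_calls) for ante in rules)
```

With these constructed rows, a lone `WriteProcessMemory` is not enough to block (the debugger-like row keeps its confidence at 0.8), while `VirtualAllocEx` followed by `WriteProcessMemory` fires before the thread is created.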

Cite

APA:

JAVAHERI, D., & HOSSEINZADEH, M. (2020). A Solution for Early Detection and Negation of Code and DLL Injection Attacks of Malwares. (JOURNAL OF ADVANCED DEFENCE SCIENCE AND TECHNOLOGY) JOURNAL OF PASSIVE DEFENCE SCIENCE AND TECHNOLOGY, 10(4), 393-406. SID. https://sid.ir/paper/167542/en

Vancouver:

JAVAHERI D., HOSSEINZADEH M. A Solution for Early Detection and Negation of Code and DLL Injection Attacks of Malwares. (JOURNAL OF ADVANCED DEFENCE SCIENCE AND TECHNOLOGY) JOURNAL OF PASSIVE DEFENCE SCIENCE AND TECHNOLOGY [Internet]. 2020;10(4):393-406. Available from: https://sid.ir/paper/167542/en

IEEE:

D. JAVAHERI and M. HOSSEINZADEH, "A Solution for Early Detection and Negation of Code and DLL Injection Attacks of Malwares," (JOURNAL OF ADVANCED DEFENCE SCIENCE AND TECHNOLOGY) JOURNAL OF PASSIVE DEFENCE SCIENCE AND TECHNOLOGY, vol. 10, no. 4, pp. 393-406, 2020. [Online]. Available: https://sid.ir/paper/167542/en
