Hinweis zum Urheberrecht| Allgemeine Informationen | FAQ
Beim Zitieren dieses Dokumentes beziehen Sie sich bitte immer auf folgende URN: urn:nbn:de:hbz:5n-52402

 

Mathematisch-Naturwissenschaftliche Fakultät - Jahrgang 2018

 

Titel Formalization and Detection of Host-Based Code Injection Attacks in the Context of Malware
Autor Thomas Felix Barabosch
Publikationsform Dissertation
Abstract The Host-Based Code Injection Attack (HBCIAs) is a technique that malicious software utilizes in order to avoid detection or steal sensitive information. In a nutshell, this is a local attack where code is injected across process boundaries and executed in the context of a victim process. Malware employs HBCIAs on several operating systems including Windows, Linux, and macOS. This thesis investigates the topic of HBCIAs in the context of malware. First, we conduct basic research on this topic. We formalize HBCIAs in the context of malware and show in several measurements, amongst others, the high prevelance of HBCIA-utilizing malware. Second, we present Bee Master, a platform-independent approach to dynamically detect HBCIAs. This approach applies the honeypot paradigm to operating system processes. Bee Master deploys fake processes as honeypots, which are attacked by malicious software. We show that Bee Master reliably detects HBCIAs on Windows and Linux. Third, we present Quincy, a machine learning-based system to detect HBCIAs in post-mortem memory dumps. It utilizes up to 38 features including memory region sparseness, memory region protection, and the occurence of HBCIA-related strings. We evaluate Quincy with two contemporary detection systems called Malfind and Hollowfind. This evaluation shows that Quincy outperforms them both. It is able to increase the detection performance by more than eight percent.
Inhaltsverzeichnis pdf-Dokument Hier können Sie den Adobe Acrobat Reader downloaden
Komplette Version pdf-Dokument (8,5 MB) Hier können Sie den Adobe Acrobat Reader downloaden
© Universitäts- und Landesbibliothek Bonn | Veröffentlicht: 31.10.2018