Detecting PE infection-based malware
Online publication date: Mon, 04-Oct-2021
by Chia-Mei Chen; Gu-Hsin Lai; Zheng-Xun Cai; Tzu-Ching Chang; Boyi Lee
International Journal of Security and Networks (IJSN), Vol. 16, No. 3, 2021
Abstract: Organisations have employed multiple layers of defence mechanisms, yet numerous attacks still take place every day. Malware is a major vehicle for attacks such as stealing confidential information, disrupting services, or sabotaging industrial systems. Attackers customise malware using advanced attack techniques, such as portable executable (PE) infection or dynamic link library (DLL) injection, which inserts a malicious DLL into a benign program, to subvert defence systems. Advanced persistent threat (APT) attacks have intruded into high-profile organisations without being discovered; these organisations are seeking a solution to identify the malware. DLL injection behaviour sometimes occurs only during execution, so static analysis might not be able to capture it. To improve detection performance, this study proposes a hybrid approach combining static and dynamic analysis to detect malware. The experimental results show that the proposed approach could detect malware efficiently and could flag unknown malware before the commercial anti-virus software.