Behavioral analysis of malicious code through network traffic and system call monitoring

Author(s):  
André R. A. Grégio ◽  
Dario S. Fernandes Filho ◽  
Vitor M. Afonso ◽  
Rafael D. C. Santos ◽  
Mario Jino ◽  
...  
2006 ◽  
Vol 3 (3) ◽  
pp. 216-229 ◽  
Author(s):  
M. Rajagopalan ◽  
M.A. Hiltunen ◽  
T. Jim ◽  
R.D. Schlichting

2021 ◽  
Vol 2096 (1) ◽  
pp. 012048
Author(s):  
V K Fedorov ◽  
E G Balenko ◽  
N V Gololobov ◽  
K E Izrailov

Abstract This paper investigates software attacks based on shellcode injection in Windows applications. The attack uses platform invoke to inject binary code by means of system calls. This creates a separate thread that carries the payload. The paper overviews protections against shellcode injection and thus analyzes the injection methods as well. The analysis models the injection of malicious code into a Windows application process. As a result, the paper proposes a step-by-step injection method. Experimental injection of user code in PowerShell is performed to test the method. The paper further shows the assembly code of the system call as an example of finding system call IDs in the global system call table; it also shows part of the source code for the injection of binary executable code. Various counterattacks are proposed in the form of software control modules based on architecture drivers. The paper analyzes the feasibility of using dynamic invoke, which the authors plan to do later on.


Author(s):  
Vaclav Oujezsky ◽  
Tomas Horvath ◽  
Vladislav Skorpil

This paper addresses the issue of detecting unwanted traffic in data networks, namely the detection of botnet networks. In this paper, we focused on a time behavioral analysis, more specifically the lifespans of simulated botnet network traffic, collected and discovered from NetFlow messages, and also of the real botnet communication of a malware. As a method we chose survival analysis, and for rigorous testing of differences the Mantel–Cox test. Lifespans of the referred traffic are discovered and calculated by lifelines using the Python language. Based on our research we have figured out a possibility to distinguish the individual lifespans of C&C communications that are identical to each other by using survival projection curves, although they occurred in a different time course.

