Title: Detecting PE infection-based malware

Authors: Chia-Mei Chen; Gu-Hsin Lai; Zheng-Xun Cai; Tzu-Ching Chang; Boyi Lee

Addresses: National Sun Yat-sen University, Kaohsiung 804, Taiwan ' Taiwan Police College, Taipei, 116, Taiwan ' National Sun Yat-sen University, Kaohsiung 804, Taiwan ' National Sun Yat-sen University, Kaohsiung 804, Taiwan ' National Sun Yat-sen University, Kaohsiung 804, Taiwan

Abstract: Organisations have employed multiple layers of defence mechanisms, while numerous attacks still take place every day. Malware is a major vehicle to perform attacks such as stealing confidential information, disrupting services, or sabotaging industrial systems. Attackers customise malware by advanced attack techniques, such as portable executable (PE) infection or dynamic link library (DLL) injection which inserts a malicious DLL to a benign program, to subvert defence systems. Advanced persistent threat (APT) attacks had intruded and not been discovered in high profile organisations; they are seeking for a solution to identify the malware. The behaviour of DLL injection sometimes occurs during execution; static analysis might not be able to capture it. To improve the detection performance, this study proposes a hybrid approach combining static and dynamic analysis to detect malware. The experimental results show that the proposed approach could detect malware efficiently and could flag unknown malware before the commercial anti-virus software.

Keywords: malware detection; DLL injection; advanced persistent threat.

DOI: 10.1504/IJSN.2021.117871

International Journal of Security and Networks, 2021 Vol.16 No.3, pp.191 - 199

Received: 24 Mar 2020
Accepted: 03 Oct 2020
Published online: 04 Oct 2021 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article