Digital Currency Features Oriented Fine-Grained Code Injection Attack Detection

Cited by: 0
Authors
Sun C. [1]
Li Z. [1,2]
Chen L. [1]
Ma J. [1]
Qiao X. [1]
Affiliations
[1] School of Cyber Engineering, Xidian University, Xi'an
[2] HUAWEI Technologies Co., Ltd, Xi'an
Source
Jisuanji Yanjiu yu Fazhan/Computer Research and Development | 2021 / Vol. 58 / No. 05
Funding
National Natural Science Foundation of China;
Keywords
Code injection attack; Digital currency; Machine learning; Memory forensics; Ransomware;
DOI
10.7544/issn1000-1239.2021.20200937
Abstract
Digital currencies have developed rapidly and emerged as a critical form of our payment system. Consequently, the applications and platforms of digital currencies and their payment services are extensively exposed to various exploits by malware. In a typical scenario, modern ransomware usually leverages digital currencies as the medium of payment. The state-of-the-art code injection attack detections have rarely considered such digital currency-related memory features, and thus can hardly identify the malicious behaviors of ransomware. To mitigate this issue, we propose a fine-grained scheme of memory forensics to facilitate the detection of host-based code injection attacks with the ability to identify ransomware. We capture the digital currency-related memory features exhibited in the procedure of inducing the victims' payment. We incorporate such memory features into a set of general memory features and implement a fine-grained detection system for code injection attacks. According to the experimental results, the new scheme of memory forensics effectively improves the performance of the state-of-the-art detection system on different metrics. Meanwhile, our approach enables the detection systems of host-based code injection attacks to capture the behaviors of ransomware precisely. Moreover, the extraction of the newly proposed memory features is efficient, and our detection system is capable of detecting unknown malware families. © 2021, Science Press. All rights reserved.
Pages: 1035-1044
Page count: 9