DocumentCode :
166555
Title :
Proposal of a Method Detecting Malicious Processes
Author :
Yamamoto, Takayuki ; Kawauchi, Kiyoto ; Sakurai, Satoshi
Author_Institution :
Inf. Technol. R&D Center, Mitsubishi Electr. Corp., Kamakura, Japan
fYear :
2014
fDate :
13-16 May 2014
Firstpage :
518
Lastpage :
523
Abstract :
Methods for detecting malware communication based on communication characteristics have been proposed. However, as malware becomes more sophisticated and legitimate software's communication becomes more diverse, it is becoming harder to correctly tell malware communication and legitimate software communication apart. Therefore, we propose a method to check whether a process generating suspicious communication is malicious. The method focuses on malware that impersonates a legitimate process by injecting malicious code into that process. The method extracts two process images. One is obtained from the process to be checked (the target process), which generates the suspicious communication. The other is obtained by executing the same executable as the target process in a clean virtual machine. The two process images are then compared to extract the injected code. Finally, the extracted code is checked to determine whether it is malicious.
Keywords :
invasive software; virtual machines; legitimate software communication; malicious codes; malicious process detection; malware communication detection methods; suspicious communication; virtual machine; Binary codes; Cryptography; Data mining; Malware; Organizations; Ports (Computers); Software; Malware; communication; process; code injection; memory analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Advanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on
Conference_Location :
Victoria, BC
Print_ISBN :
978-1-4799-2652-7
Type :
conf
DOI :
10.1109/WAINA.2014.164
Filename :
6844689