Automate the tracing of Windows System Calls to identify malicious activities

Author/Creator

Author/Creator ORCID

Date

2019-01-01

Department

Computer Science and Electrical Engineering

Program

Computer Science

Citation of Original Publication

Rights

Distribution Rights granted to UMBC by the author.
Access limited to the UMBC community. Item may possibly be obtained via Interlibrary Loan through a local library, pending author/copyright holder's permission.
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.

Abstract

We describe the problems posed by various malware and malicious applications on the Microsoft Windows operating system. Our work focuses on automating dynamic malware analysis by intercepting Windows system calls, which covers a larger range of malware, including the newly evolved fileless variants. Intercepting system calls allows us to monitor malicious activity so that malicious behavior can be identified without the manual effort of disassembling binaries. Our results show how this work can help automate API hooking for the open source community to detect Byzantine behaviors, rather than focusing on improving the detection mechanism itself.
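The abstract describes identifying malicious behavior from an intercepted system-call trace rather than from disassembly. The following is an added example of that second step, not code from the thesis: it parses a constructed trace (one line per intercepted call, in an assumed tab-separated "pid, API name, arguments" format) and matches each process's call sequence against behavioral signatures such as remote-thread injection. The signature names, the trace format and the sample lines are all assumptions made for illustration.

```python
"""Match per-process Windows system-call traces against behavioral signatures.

Added example, not the thesis's own code. The trace format is an assumption:
one line per intercepted call, "pid<TAB>api<TAB>args".
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample trace (not captured from a real system): pid 1001 performs
# classic remote-thread injection into pid 1337 with an RWX allocation, pid 1002
# writes an ordinary file, and pid 1003 just sleeps in a loop.
SAMPLE_TRACE = """\
1001\tNtOpenProcess\tpid=1337
1001\tNtAllocateVirtualMemory\tprotect=PAGE_EXECUTE_READWRITE
1002\tNtCreateFile\tpath=C:\\Users\\u\\notes.txt
1001\tNtWriteVirtualMemory\tsize=4096
1002\tNtWriteFile\tsize=128
1001\tNtCreateThreadEx\ttarget=1337
1003\tNtQueryPerformanceCounter\t
1003\tNtDelayExecution\tms=1000
"""

# Behavioral signatures: ordered call sequences. A signature matches when its
# calls appear in order within one process's trace; unrelated calls may be
# interleaved. Signature names are illustrative.
SIGNATURES: Dict[str, List[str]] = {
    "remote_thread_injection": [
        "NtOpenProcess",
        "NtAllocateVirtualMemory",
        "NtWriteVirtualMemory",
        "NtCreateThreadEx",
    ],
    "in_memory_execution": [
        "NtAllocateVirtualMemory",
        "NtProtectVirtualMemory",
        "NtCreateThreadEx",
    ],
}


def parse_trace(text: str) -> Dict[int, List[Tuple[str, str]]]:
    """Group intercepted calls by pid, preserving call order within each pid."""
    per_pid: Dict[int, List[Tuple[str, str]]] = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, args = line.split("\t", 2)
        per_pid[int(pid)].append((api, args))
    return dict(per_pid)


def is_subsequence(pattern: List[str], calls: List[str]) -> bool:
    """True if every element of `pattern` occurs in `calls`, in order."""
    remaining = iter(calls)
    return all(any(call == wanted for call in remaining) for wanted in pattern)


def detect(trace_text: str) -> Dict[int, List[str]]:
    """Return {pid: [matched signature names]} for processes that look malicious."""
    hits: Dict[int, List[str]] = {}
    for pid, calls in parse_trace(trace_text).items():
        apis = [api for api, _ in calls]
        matched = [name for name, pat in SIGNATURES.items()
                   if is_subsequence(pat, apis)]
        # Argument-based check: executable-and-writable memory is a common
        # precursor to shellcode execution, so flag it on its own as well.
        if any(api == "NtAllocateVirtualMemory" and "PAGE_EXECUTE_READWRITE" in args
               for api, args in calls):
            matched.append("rwx_allocation")
        if matched:
            hits[pid] = matched
    return hits


if __name__ == "__main__":
    for pid, names in detect(SAMPLE_TRACE).items():
        print(f"pid {pid}: {', '.join(names)}")
```

Sequence matching on the ordered trace is what lets the check run without disassembling the sample: the same signatures apply whether the injecting code came from a file on disk or was staged purely in memory, which is the point of covering fileless variants.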