University of Twente Student Theses


Analyzing Victim Process Behaviors Post Code Injection

Mesaretzidis, Spyridon (2024) Analyzing Victim Process Behaviors Post Code Injection.

Abstract: Amongst other methods, malware uses code injection to propagate itself. As with any other technique, new code injection methods frequently arise. These advances give rise to new strains, which are accompanied by a lack of accurate detection mechanisms as well as a lack of understanding of how infected processes behave after code injection. In this research, we examine the post-exploitation behavior of processes that are targets of code injection malware. To this end, we utilize the VirusTotal dataset. We divide the dataset according to the type of code injection used, in order to determine which actions the infected processes take after code injection. Subsequently, we determine their common action targets and extract any IP geolocation information from the observed network traffic. We observed heightened counts of behavioral metrics, with operations revolving around the file system exhibiting more distinct behavior. Behavior revolving around IP and UDP processes did not exhibit any profound findings.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Programme: Computer Science MSc (60300)
Link to this item: https://purl.utwente.nl/essays/104700