In targeted attacks, attackers leverage a variety of malicious tools. According to the Cybersecurity and Infrastructure Security Agency (CISA), tools such as China Chopper, Mimikatz, PowerShell Empire, and HUC Packet Transmitter are used in targeted attacks. Standard malware detection methods include those based on file names or hashes; however, attackers tend to evade such detection by renaming malicious tools or rebuilding them, so detecting the malicious tools used in targeted attacks is difficult. We found that the order in which each malicious tool loads Windows built-in DLLs has unique characteristics. In this study, we propose a method for detecting malicious tools by analyzing DLL information with deep learning, taking into account both which DLLs each process loads and the order in which it loads them. We confirmed that, even if the file names are changed or the tools are rebuilt, the proposed method can detect the four tools mentioned above with high detection rates: on average, a recall of 97.45%, a precision of 97.29%, and an F value of 97.37%. Furthermore, the proposed method can still detect malicious tools with a detection rate above 90% even if about 10% of the loaded DLLs change in the future.
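The load-order idea from the abstract, as an added example that is not the paper's code: constructed Sysmon-style image-load records are parsed into per-process DLL sequences and matched against a constructed tool profile, with an order-preserving similarity (longest common subsequence) standing in for the paper's deep-learning model so that a renamed executable or a single swapped DLL still matches while a different load order does not. The profile, process IDs, file names and the 0.8 threshold are all assumptions.

```python
# Added example (not the paper's code): order-aware DLL load-sequence matching.
from collections import defaultdict
# Constructed EventID|ProcessId|Image|ImageLoaded records (Sysmon Event ID 7 shape).
SAMPLE_EVENTS = """\
7|4100|C:\\tools\\update.exe|C:\\Windows\\System32\\ntdll.dll
7|4100|C:\\tools\\update.exe|C:\\Windows\\System32\\kernel32.dll
7|4100|C:\\tools\\update.exe|C:\\Windows\\System32\\KernelBase.dll
7|4100|C:\\tools\\update.exe|C:\\Windows\\System32\\advapi32.dll
7|4100|C:\\tools\\update.exe|C:\\Windows\\System32\\bcrypt.dll
7|4100|C:\\tools\\update.exe|C:\\Windows\\System32\\secur32.dll
7|5200|C:\\Windows\\System32\\notepad.exe|C:\\Windows\\System32\\ntdll.dll
7|5200|C:\\Windows\\System32\\notepad.exe|C:\\Windows\\System32\\kernel32.dll
7|6300|C:\\tools\\other.exe|C:\\Windows\\System32\\ntdll.dll
7|6300|C:\\tools\\other.exe|C:\\Windows\\System32\\kernel32.dll
7|6300|C:\\tools\\other.exe|C:\\Windows\\System32\\KernelBase.dll
7|6300|C:\\tools\\other.exe|C:\\Windows\\System32\\secur32.dll
7|6300|C:\\tools\\other.exe|C:\\Windows\\System32\\rpcrt4.dll
7|6300|C:\\tools\\other.exe|C:\\Windows\\System32\\advapi32.dll
"""
# Constructed profile for a hypothetical tool: DLL base names in load order.
PROFILES = {"tool_a": ["ntdll.dll", "kernel32.dll", "kernelbase.dll",
                       "advapi32.dll", "rpcrt4.dll", "secur32.dll"]}

def load_sequences(text):
    """pid -> DLL base names in load order; the Image field is deliberately ignored."""
    seqs = defaultdict(list)
    for line in text.splitlines():
        event_id, pid, _image, loaded = line.split("|")
        if event_id == "7":
            seqs[int(pid)].append(loaded.rsplit("\\", 1)[-1].lower())
    return dict(seqs)

def lcs_len(a, b):
    """Longest common subsequence: rewards order, tolerates a few swapped DLLs."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b):
            cur.append(prev[j] + 1 if x == y else max(prev[j + 1], cur[j]))
        prev = cur
    return prev[-1]

def score(observed, profile, ordered=True):
    """Fraction of the profile matched: in load order (LCS) or as a bare set."""
    hits = lcs_len(observed, profile) if ordered else len(set(observed) & set(profile))
    return hits / len(profile)

def classify(seqs, profiles=PROFILES, threshold=0.8):
    """pid -> best-matching tool name, or None when no profile reaches threshold."""
    best = {pid: max(profiles, key=lambda n: score(seq, profiles[n])) for pid, seq in seqs.items()}
    return {pid: n if score(seqs[pid], profiles[n]) >= threshold else None for pid, n in best.items()}
```

Process 6300 loads exactly the profile's DLL set (set score 1.0) but in a different order, so the order-aware score drops to 4/6 and it is not matched, while the renamed process 4100 with one swapped DLL still scores 5/6.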