A Survey on Function and System Call Hooking Approaches

López, Juan Pablo Berrío; Babun, Leonardo; Aksu, Hidayet; Uluagac, A. Selcuk

doi:10.1007/s41635-017-0013-2

Cited by 36 publications

(13 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to see the effects of different amount of obfuscations, we firstly obfuscated 25% of the function names in the source and header files of Webminerpool. Then, we increased the number of function names to 50%, 75%, and finally, to 100% in which every function name was obfuscated, excluding C memory management functions (i.e., memset, memcpy, malloc and free) [38], [39], [40]. Figure 7 shows the gray-scale image representations of the resulting miner samples.…”

Section: E Minos Against Obfuscationmentioning

confidence: 99%

MINOS: A Lightweight Real-Time Cryptojacking Detection System

Naseem¹,

Arış²,

Babun³

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

Emerging WebAssembly(Wasm)-based cryptojacking malware covertly uses the computational resources of users without their consent or knowledge. Indeed, most victims of this malware are unaware of such unauthorized use of their computing power due to techniques employed by cryptojacking malware authors such as CPU throttling and obfuscation. A number of dynamic analysis-based detection mechanisms exist that aim to circumvent such techniques. However, since these mechanisms use dynamic features, the collection of such features, as well as the actual detection of the malware, require that the cryptojacking malware run for a certain amount of time, effectively mining for that period, and therefore causing significant overhead. To solve these limitations, in this paper, we propose MINOS, a novel, extremely lightweight cryptojacking detection system that uses deep learning techniques to accurately detect the presence of unwarranted Wasm-based mining activity in real-time. MINOS uses an image-based classification technique to distinguish between benign webpages and those using Wasm to implement unauthorized mining. Specifically, the classifier implements a convolutional neural network (CNN) model trained with a comprehensive dataset of current malicious and benign Wasm binaries. MINOS achieves exceptional accuracy with a low TNR and FPR. Moreover, our extensive performance analysis of MINOS shows that the proposed detection technique can detect mining activity instantaneously from the most current in-the-wild cryptojacking malware with an accuracy of 98.97%, in an average of 25.9 milliseconds while using a maximum of 4% of the CPU and 6.5% of RAM, proving that MINOS is highly effective while lightweight, fast, and computationally inexpensive. * Minos is the beast in Dante's Divine Comedy that acts as a judge in underworld and decides which layer of the hell the sinner goes to.

show abstract

Section: E Minos Against Obfuscationmentioning

confidence: 99%

MINOS: A Lightweight Real-Time Cryptojacking Detection System

Naseem¹,

Arış²,

Babun³

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

show abstract

“…Hooking can be defined as the interception of specific functions or system calls to monitor and/or alter its execution [19]. As previously discussed, hooking can be undertaken in the event that one does not have the source code, but there is a need to determine which API calls, subroutines are called from a given process.…”

Section: Hookingmentioning

confidence: 99%

“…We refer readers interested in other methods for kernel-level hooking, such as hooking the System Service Descriptor and the Interrupt Descriptor Table , to existing literature such as [26,27,19,28].…”

Section: Hookingmentioning

confidence: 99%

Resurrecting anti-virtualization and anti-debugging: Unhooking your hooks

Αποστολόπουλος

Katos

Choo

et al. 2021

Future Generation Computer Systems

View full text Add to dashboard Cite

“…Other work has focused on IoT security aspects, such as the survey by Deogirikar et al, which focused specifically on known IoT attacks [341]. Individually, as early as 2013, works have highlighted threats in smart devices, and how attackers always search for new, unexplored threat vectors [5]- [7], [9], [11]- [14]. However, very little ongoing research has focused on specific vulnerabilities targeting E-IoT systems or proprietary technologies.…”

Section: Related Workmentioning

confidence: 99%

Survey on Enterprise Internet-of-Things Systems (E-IoT): A Security Perspective

Rondon¹,

Babun²,

Arış³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

As technology becomes more widely available, millions of users worldwide have installed some form of smart device in their homes or workplaces. These devices are often off-theshelf commodity systems, such as Google Home or Samsung SmartThings, that are installed by end-users looking to automate a small deployment. In contrast to these "plug-and-play" systems, purpose-built Enterprise Internet-of-Things (E-IoT) systems such as Crestron, Control4, RTI, Savant offer a smart solution for more sophisticated applications (e.g., complete lighting control, A/V management, security). In contrast to commodity systems, E-IoT systems are usually closed source, costly, require certified installers, and are overall more robust for their use cases. Due to this, E-IoT systems are often found in expensive smart homes, government and academic conference rooms, yachts, and smart private offices. However, while there has been plenty of research on the topic of commodity systems, no current study exists that provides a complete picture of E-IoT systems, their components, and relevant threats. As such, lack of knowledge of E-IoT system threats, coupled with the cost of E-IoT systems has led many to assume that E-IoT systems are secure. To address this research gap, raise awareness on E-IoT security, and motivate further research, this work emphasizes E-IoT system components, E-IoT vulnerabilities, solutions, and their security implications. In order to systematically analyze the security of E-IoT systems, we divide E-IoT systems into four layers: E-IoT Devices Layer, Communications Layer, Monitoring and Applications Layer, and Business Layer. We survey attacks and defense mechanisms, considering the E-IoT components at each layer and the associated threats. In addition, we present key observations in state-of-the-art E-IoT security and provide a list of open research problems that need further research.

show abstract

A Survey on Function and System Call Hooking Approaches

Cited by 36 publications

References 21 publications

MINOS: A Lightweight Real-Time Cryptojacking Detection System

MINOS: A Lightweight Real-Time Cryptojacking Detection System

Resurrecting anti-virtualization and anti-debugging: Unhooking your hooks

Survey on Enterprise Internet-of-Things Systems (E-IoT): A Security Perspective

Contact Info

Product

Resources

About