Detection of Malicious Tools by Monitoring DLL Using Deep Learning

Matsuda, Wataru; Fujimoto, Mariko; Mitsunaga, Takuho

doi:10.2197/ipsjjip.28.1052

Cited by 5 publications

(2 citation statements)

References 17 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By collecting events generated via Windows Event Collection or SIEM agents and analyzing them, it's possible to identify malicious or anomalous activities, including lateral movement. Matsuda et al (2019Matsuda et al ( , 2020 proposed a real-time detection system for targeted attacks based on Window Sysmon logs (Microsoft, 2022) to obtain DLL information. Their later research achieved a high detection rate of 90% even if the DLL was changed by about 10% using deep learning analysis.…”

Section: Sysmon and Lateral Movement Detectionmentioning

confidence: 99%

Predicting and Visualizing Lateral Movements Based on ATT&CK and Quantification Theory Type 3

Okada,

Katano,

Kozai

et al. 2024

Journal of Cases on Information Technology

Self Cite

View full text Add to dashboard Cite

When a cyber incident occurs, organizations need to identify the attack's impacts. They have to investigate potentially infected devices as well as certainly infected devices. However, as an organization's network expands, it is difficult to investigate all devices. In addition, the cybersecurity workforce shortage has risen, so organizations need to respond to incidents efficiently with limited human resources. To solve this problem, this paper proposes a tool to assist an incident response team. It can visualize ATT&CK techniques attacker used and, furthermore, detect lateral movements efficiently. The tool consists of two parts: a web application that extracts ATT&CK techniques from logs and a lateral movement detection system. The web application was implemented and could map the collected logs obtained from an actual Windows device to the ATT&CK matrix. Furthermore, actual lateral movements were performed in an experimental environment that imitated an organizational network, and the proposed detection system could detect them.

show abstract

Section: Sysmon and Lateral Movement Detectionmentioning

confidence: 99%

Predicting and Visualizing Lateral Movements Based on ATT&CK and Quantification Theory Type 3

Okada,

Katano,

Kozai

et al. 2024

Journal of Cases on Information Technology

Self Cite

View full text Add to dashboard Cite

show abstract

“…Ha et al (2018) conducted a study to block the execution of malicious DLLs by learning API statistics for malicious DLLs [21]. In addition, Matsuda et al (2020) investigated various methods based on DLL data and proved a recall result of 97.45% for the malware detection rate using a deep learning algorithm [22]. This technique is highly accurate because it detects based on linear algebra values such as statistical estimation and regression analysis based on machine learning.…”

Section: Related Workmentioning

confidence: 99%

Detection and Blocking Method against DLL Injection Attack Using PEB-LDR of ICS EWS in Smart IoT Environments

Kim¹,

Kim²,

Shin³

2022

Journal of Internet Technology

View full text Add to dashboard Cite

<p>Modern Industrial Control System (ICS) can provide vast functions as the introduction of IT technology is established along with the introduction of the IoT environment. Engineering Workstation (EWS) used by ICS is widely used to efficiently manage and control industrial devices including smart IoT devices. However, the DLL injection attack in ICS is not high in difficulty compared to the risk, but it can cause fatal malfunction. If an attack is carried out targeting the EWS, it may cause erroneous operation in many control devices, including IoT devices, cause fatal accidents throughout the Supervisory Control and Data Acquisition (SCADA) system. In this paper, we present a method to detect DLL injection attacks by specializing in EWS used in ICS in IoT environment and purpose a method to detect data changes due to DLL injection attacks by analyzing and utilizing PEB-LDR data. Also, we purpose a method to detect and block execution when a malicious DLL is suspected to be loaded by DLL injection.</p> <p> </p>

show abstract

A comprehensive analysis combining structural features for detection of new ransomware families

Moreira,

Sales

2024

Journal of Information Security and Applications

View full text Add to dashboard Cite

Detection of Malicious Tools by Monitoring DLL Using Deep Learning

Cited by 5 publications

References 17 publications

Predicting and Visualizing Lateral Movements Based on ATT&CK and Quantification Theory Type 3

Predicting and Visualizing Lateral Movements Based on ATT&CK and Quantification Theory Type 3

Detection and Blocking Method against DLL Injection Attack Using PEB-LDR of ICS EWS in Smart IoT Environments

A comprehensive analysis combining structural features for detection of new ransomware families

Contact Info

Product

Resources

About