Unveiling the veiled: An early stage detection of fileless malware

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2024-12-16 DOI:10.1016/j.cose.2024.104231

Narendra Singh, Somanath Tripathy

{"title":"Unveiling the veiled: An early stage detection of fileless malware","authors":"Narendra Singh, Somanath Tripathy","doi":"10.1016/j.cose.2024.104231","DOIUrl":null,"url":null,"abstract":"<div><div>The threat actors continuously evolve their tactics and techniques in a novel form to evade traditional security solutions. Fileless malware attacks are one such advancement, which operates directly within system memory, leaving no footprint on the disk, so became challenging to detect. Meanwhile, the current state-of-the-art approaches detect fileless attacks at the final (post-infection) stage, although, detecting attacks at an early-stage is crucial to prevent potential damage and data breaches. In this work, we propose an early-stage detection system named <em>Argus</em> to detect fileless malware at early-stage. <em>Argus</em> extracts key features from acquired memory dumps of suspicious processes in real-time and generates explained features. It then correlates the explained features with the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to identify fileless malware attacks before their operational stage. The experimental results show that <em>Argus</em> could successfully identify, 4356 fileless malware samples (out of 5026 samples) during the operational stage. Specifically, 2978 samples are detected in the pre-operational phase, while 1378 samples are detected in the operational phase.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104231"},"PeriodicalIF":4.8000,"publicationDate":"2024-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824005376","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The threat actors continuously evolve their tactics and techniques in a novel form to evade traditional security solutions. Fileless malware attacks are one such advancement, which operates directly within system memory, leaving no footprint on the disk, so became challenging to detect. Meanwhile, the current state-of-the-art approaches detect fileless attacks at the final (post-infection) stage, although, detecting attacks at an early-stage is crucial to prevent potential damage and data breaches. In this work, we propose an early-stage detection system named Argus to detect fileless malware at early-stage. Argus extracts key features from acquired memory dumps of suspicious processes in real-time and generates explained features. It then correlates the explained features with the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to identify fileless malware attacks before their operational stage. The experimental results show that Argus could successfully identify, 4356 fileless malware samples (out of 5026 samples) during the operational stage. Specifically, 2978 samples are detected in the pre-operational phase, while 1378 samples are detected in the operational phase.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.