Detection of Malicious Code-Injection Attack Using Two Phase Analysis Technique

International Journal of Computer Applications
© 2012 by IJCA Journal
Volume 45 - Number 18
Year of Publication: 2012
Authors:
D. Swathigavaishnave
R. Sarala
10.5120/7016-9638

D Swathigavaishnave and R Sarala. Article: Detection of Malicious Code-Injection Attack Using Two Phase Analysis Technique. International Journal of Computer Applications 45(18):8-14, May 2012. Full text available. BibTeX

@article{key:article,
	author = {D. Swathigavaishnave and R. Sarala},
	title = {Article: Detection of Malicious Code-Injection Attack Using Two Phase Analysis Technique},
	journal = {International Journal of Computer Applications},
	year = {2012},
	volume = {45},
	number = {18},
	pages = {8-14},
	month = {May},
	note = {Full text available}
}

Abstract

In today's world, code injection attacks are a very big problem. Code injection attacks exploit software vulnerabilities to inject malicious code into a target program. This malicious code is normally referred to as malware. Systems are vulnerable to the traditional attacks, and attackers continue to find new ways around existing protection mechanisms in order to execute their injected code. Malicious code detection is an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malware writers obfuscate their malicious code to subvert malicious code detectors, such as anti-virus software. Signature-based detection is the most commonly used method in commercial antivirus software. However, it fails to detect new malware. In this paper, we propose a two-phase analysis technique. In the first phase, malicious code that uses obfuscation techniques is detected by means of static analysis of the instruction sequence. Phase II involves extracting opcode sequences from the dataset to construct a classification model and comparing it to the output of phase I to identify the code as malicious or benign.
