CFP last date
22 April 2024
Reseach Article

Detection of Malicious Code-Injection Attack Using Two Phase Analysis Technique

by D. Swathigavaishnave, R. Sarala
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 45 - Number 18
Year of Publication: 2012
Authors: D. Swathigavaishnave, R. Sarala
10.5120/7016-9638

D. Swathigavaishnave, R. Sarala . Detection of Malicious Code-Injection Attack Using Two Phase Analysis Technique. International Journal of Computer Applications. 45, 18 ( May 2012), 8-14. DOI=10.5120/7016-9638

@article{ 10.5120/7016-9638,
author = { D. Swathigavaishnave, R. Sarala },
title = { Detection of Malicious Code-Injection Attack Using Two Phase Analysis Technique },
journal = { International Journal of Computer Applications },
issue_date = { May 2012 },
volume = { 45 },
number = { 18 },
month = { May },
year = { 2012 },
issn = { 0975-8887 },
pages = { 8-14 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume45/number18/7016-9638/ },
doi = { 10.5120/7016-9638 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:37:55.293281+05:30
%A D. Swathigavaishnave
%A R. Sarala
%T Detection of Malicious Code-Injection Attack Using Two Phase Analysis Technique
%J International Journal of Computer Applications
%@ 0975-8887
%V 45
%N 18
%P 8-14
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

In today's world code injection attack is a very big problem. Code injection attacks are to exploit software vulnerabilities and inject malicious code into target program. These malicious codes are normally referred as malware. Systems are vulnerable to the traditional attacks, and attackers continue to find new ways around existing protection mechanisms in order to execute their injected code. Malicious code detection is an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malware writers obfuscate their malicious code to subvert the malicious code detectors, such as anti-virus software. Signature-based detection is the most commonly used method in commercial antivirus software. However, it fails to detect new malware. In this paper, we propose a two phase analysis technique. In first phase a malicious code with obfuscated techniques is detected by means of static analysis of instruction sequence. Phase II involves extracting opcode sequence from the dataset to construct a classification model and compare it to the output of phase I to identify it as malicious or benign.

References
  1. D. M. A. Hussain et al. (Eds. ): "Detecting Trojans Using Data Mining Techniques", CCIS 20, pp. 400–411, 2008. Springer-Verlag Berlin Heidelberg 2008.
  2. Carsten Willems, Thorsten Holz, Felix Freiling: "Toward Automated Dynamic Malware Analysis Using CWSandbox", IEEE Security and Privacy, vol. 5, no. 2, pp. 32-39, Mar/Apr, 2007.
  3. A. Lakhotia, E. U. Kumar, M. Vennable, "A Method for Detecting Obfuscated Calls in Malicious Binaries", IEEE transactions on Software Engineering, Vol 31, No 11, November (2006).
  4. Govindaraju. A, Faculty, Department of Computer Science, Master Thesis, "Exhaustive Statistical Analysis for Detection of Metamorphic Malware". San Jose State University, San Jose, CA (2010).
  5. Ding Yuxin*, Yuan Xuebing, Zhou Di, Dong Li, An Zhancha," Feature representation and selection in malicious code detection methods based on static system calls"Computers & Security (2011) ,article in press,science direct journal.
  6. Xinran Wang, Chi-Chun Pan, Peng Liu, and Sencun Zhu "SigFree: A Signature-Free Buffer Overflow Attack Blocker" ieee transactions on dependable and secure computing, vol. 7, no. 1, january-march 2010.
  7. IDA Pro Disassembler and Debugger, http://www. hex-rays. com.
  8. Raviraj Choudhary and Ravi Saharan malware Detection Using Data Mining Techniques" international Journal of InformationTechnology and Knowledge Management January-June 2012, Volume 5, No. 1, Pp. 85-88
  9. VXheavens http://vx. netlux. org
  10. Bilar. D," Statistical Structures: Fingerprinting malicious code through statistical opcode analysis", 3rd International Conference on Global E-Security, ICGeS 2007 (2007).
Index Terms

Computer Science
Information Sciences

Keywords

Obfuscation Techniques Static Analysis Classification Algorithm