Worm and exploit attacks are currently the most prevalent security problems; they are responsible for over half of the CERT advisories issued in the last three years. To initiate an infection or intrusion, both inject a small piece of malicious code (shellcode) into software through buffer or heap overflow vulnerabilities. Unlike shellcode for Unix-like operating systems, shellcode for Microsoft Windows needs more complex steps to acquire Win32 API calls from DLL (dynamic-link library) files. In this paper, we propose an effective API monitoring system to stop worm and exploit attacks on Microsoft Windows without hardware support. We address the problem by noting that shellcode needs these extra, complex steps to access Win32 API calls. With the API monitoring system we propose, we can successfully stop the attacks made by worms and exploits. Moreover, the efficiency of the Win32 API call hooking and monitoring system can be improved. The inability to disassemble and analyze protected software processes is overcome as well.