API monitoring system for defeating worms and exploits in MS-Windows system

  • Authors:

  • Hung-Min Sun;Yue-Hsun Lin;Ming-Fung Wu

  • Affiliations:

  • Department of Computer Science, National Tsing-Hua University, Hsinchu, Taiwan;Department of Computer Science, National Tsing-Hua University, Hsinchu, Taiwan;Department of Computer Science, National Tsing-Hua University, Hsinchu, Taiwan

  • Venue:
  • ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
  • Year:
  • 2006

Quantified Score

Hi-index 0.00

Visualization

Abstract

Worms and Exploits attacks are currently the most prevalent security problems; they are responsible for over half of the CERT advisories issued in the last three years. To initiate an infection or intrusion, both of them inject a small piece of malicious code (ShellCode) into software through buffer or heap overflow vulnerabilities. Unlike Unix-like operating systems, ShellCodes for Microsoft Windows system need more complex steps to acquire Win32 API calls from DLL file (Dynamic Load Library) in Microsoft Windows. In this paper, we proposed an effective API monitoring system to get rid of worms and exploits attacks for the Microsoft Windows without hardware support. We address the problem by noticing that ShellCodes need the extra complex steps in accessing Win32 API calls. Through the API monitoring system we purposed, we can successfully stop the attacks made by worms and exploits. Moreover, the efficiency of Win32 API Calls hooking and monitoring system can be improved. Incapability to disassemble and analysis the protected software processes are overcome as well.