This paper investigates software attacks based on shellcode injection in Windows applications. The attack uses platform invoke (P/Invoke) to inject binary code by means of system calls, creating a separate thread that carries the payload. The paper overviews protections against shellcode injection and, in doing so, analyzes the injection methods as well. The analysis models the injection of malicious code into a Windows application process. As a result, the paper proposes a step-by-step injection method. Experimental injection of user code in PowerShell is performed to test the method. The paper further shows the assembly code of a system call as an example of finding system call IDs in the global system call table; it also shows part of the source code for the injection of binary executable code. Various countermeasures are proposed in the form of software control modules based on architecture drivers. The paper also analyzes the feasibility of using dynamic invoke, which the authors plan to pursue in later work.
The article discusses modern classes of algorithms used to detect anomalies in data streams: sliding-window algorithms, metric algorithms, prediction-based algorithms, and algorithms based on hidden Markov models. During the research, functional and efficiency criteria were determined for assessing each class of algorithms and comparing it with the other classes considered. In addition, for each class of methods, strengths and weaknesses are given, the scope of application is described, and a generalized example implementation is given in the form of pseudocode. This approach makes it possible to cover entire groups of algorithms without reference to a specific implementation. The conclusions obtained from the research can be applied to problems of optimizing the process of detecting anomalies or increasing the efficiency of applied solutions used in these scenarios. The resulting calculations allow further development and optimization of methods in this area for unlabeled fixed data sets.