Code Injection, Process Hollowing, and API Hooking

Mohanta, Abhijit; Saldanha, Anoop

doi:10.1007/978-1-4842-6193-4_10

Cited by 8 publications

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Once executed, the malware itself can use several well-known techniques to avoid runtime detection [11], [43], [59]. Evading runtime detection is orthogonal to our work, and interested readers are referred to relevant related works [47], [58].…”

Section: Self-extraction and Executionmentioning

confidence: 99%

MaleficNet: Hiding Malware into Deep Neural Networks Using Spread-Spectrum Channel Coding

Hitaj

Pagnotta

Hitaj

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Training high-quality deep learning models is a challenging task due to computational and technical requirements. A growing number of individuals, institutions, and companies increasingly rely on pre-trained, third-party models made available in public repositories. These models are often used directly or integrated in product pipelines with no particular precautions, since they are effectively just data in tensor form and considered safe.In this paper, we raise awareness of a new machine learning supply chain threat targeting neural networks. We introduce MaleficNet 2.0, a novel technique to embed self-extracting, selfexecuting malware in neural networks. MaleficNet 2.0 uses spread-spectrum channel coding combined with error correction techniques to inject malicious payloads in the parameters of deep neural networks. MaleficNet 2.0 injection technique is stealthy, does not degrade the performance of the model, and is robust against removal techniques. We design our approach to work both in traditional and distributed learning settings such as Federated Learning, and demonstrate that it is effective even when a reduced number of bits is used for the model parameters. Finally, we implement a proof-of-concept self-extracting neural network malware using MaleficNet 2.0, demonstrating the practicality of the attack against a widely adopted machine learning framework.Our aim with this work is to raise awareness against these new, dangerous attacks both in the research community and industry, and we hope to encourage further research in mitigation techniques against such threats.

show abstract

Section: Self-extraction and Executionmentioning

confidence: 99%

MaleficNet: Hiding Malware into Deep Neural Networks Using Spread-Spectrum Channel Coding

Hitaj

Pagnotta

Hitaj

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Nevertheless, an operating system as a milieu does not sufficiently protect the individual running process of an application from the harmful behavior of malware. Stealth malware often employs a technique called 'process injection' to inject malicious code into a running process (Monnappa, 2018). 3 Once it lands in a target Windows machine, malware can use legitimate APIs provided by Windows to inject malicious code into the memory space of a running application and to execute that code.…”

Section: Study Of a Malware Infection Attackmentioning

confidence: 99%

Cybersecurity and Simondon's Concretization Theory:  Making Software More Like a Living Organism

Meng¹,

Burmeister²

2022

Matter (Barc.)

View full text Add to dashboard Cite

The cybersecurity crisis has destabilized the field of informatics and called many of its foundational beliefs into question. This paper argues that Gilbert Simondon’s theory of the origin and development of technical objects helps us identify faulty theoretical assumptions within computer science and cybersecurity. In particular, Simondon’s view is that the process of the ‘individuation’ of technical objects can have similarities with the development of living beings – a view that stands in stark contrast with hylomorphic and reductionist views of technical objects currently common in computer science. We argue that those common hylomorphic approaches to software development lead to excessive modularity in software applications, which in turn results in less secure systems. To investigate a new ontological basis of software security, we look to Simondon’s ontology to reconsider what makes a piece of software vulnerable in the first place, and we focus on two concepts in his general theory of ontogenesis – ‘individuation’ and ‘associated milieu’. By examining a case study of a malware infection attack, we show that the event of a cyberattack unleashes a ‘co-concretization’ process of software applications and their associated milieu, namely, their operating system. Both the application and the operating system evolve from an abstract form to a more concrete form by re-inventing their own interiors and re-orienting their relationship to each other. We argue that software development will be more secure if it takes inspiration from the development of living beings and refocuses on the dynamic reciprocal relationship between software applications and their technical and social environment.

show abstract

Collection of the Main Anti-Virus Detection and Bypass Techniques

Donadio

Guerard

Amor

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Code Injection, Process Hollowing, and API Hooking

Cited by 8 publications

References 0 publications

MaleficNet: Hiding Malware into Deep Neural Networks Using Spread-Spectrum Channel Coding

MaleficNet: Hiding Malware into Deep Neural Networks Using Spread-Spectrum Channel Coding

Cybersecurity and Simondon's Concretization Theory:  Making Software More Like a Living Organism

Collection of the Main Anti-Virus Detection and Bypass Techniques

Contact Info

Product

Resources

About

Code Injection, Process Hollowing, and API Hooking

Cited by 8 publications

References 0 publications

MaleficNet: Hiding Malware into Deep Neural Networks Using Spread-Spectrum Channel Coding

MaleficNet: Hiding Malware into Deep Neural Networks Using Spread-Spectrum Channel Coding

Cybersecurity and Simondon's Concretization Theory: Making Software More Like a Living Organism

Collection of the Main Anti-Virus Detection and Bypass Techniques

Contact Info

Product

Resources

About

Cybersecurity and Simondon's Concretization Theory:  Making Software More Like a Living Organism