A Thread Chaining Attack for Bypassing a DLL Injection Monitoring System

Bibliographic Details
Main Authors: Park, Jisu, Yoo, DaYeon, Yun, Nara, Lee, Jihoon, Kim, DaeYoub
Format: Conference Proceeding
Language: English
Description
Summary: Some malware prevention systems utilize whitelist-based access control schemes because they are more cost-efficient than traditional blacklist-based schemes and can countermeasure unknown attacks. However, whitelist-based access control schemes are vulnerable to DLL injection attacks that impersonate privileged applications. Monitoring suspicious thread creation has been proposed to solve this problem. However, this paper demonstrates that whitelist-based access control schemes are still weak to DLL injection attacks. Additionally, the process of bypassing such monitoring mechanisms is described.
ISSN: 2158-4001
DOI: 10.1109/ICCE59016.2024.10444377