Research field: Safety
Conference: 2024 15th International Conference on Computing Communication and Networking Technologies (ICCCNT)
The escalating threat posed by fileless attacks and Living-off-the-Land (LotL) techniques underscores the need for advanced detection mechanisms in cybersecurity. Fileless attacks circumvent traditional antivirus detection by operating within system memory, leveraging trusted tools and evading scrutiny. Concurrently, LotL attacks utilize system-integrated binaries to infiltrate and persist within systems, challenging detection methodologies. This study addresses these challenges by proposing a novel method for identifying Living-off-the-Land binaries and fileless malware patterns. Leveraging behavioral analysis in conjunction with YARA rules, the approach involves developing a script for malicious instances and events in the system. When executed in controlled environments with malware simulations, the script demonstrated promising capabilities in detecting the malware.
| Publication year | 2024 |
|---|---|
| Citations | 2 |
| Publication country | Andorra |
| Site | IEEE |