Multiple Memory Image Instances Stratagem to Detect Fileless Malware


Research area: Strategies



Conference: International Conference on Advancements in Smart Computing and Information Security


Abstract

Fileless malware is stealthy and sophisticated: it abuses trusted, pre-installed applications to steal information and carry out its harmful purpose. The prevalence of fileless malware is on the rise; it relies exclusively on legitimate programs for infection and leaves no trace in the file system. This type of malware is frequently adept at bypassing antivirus software, and its detection evasion rate is estimated to be about 10 times that of other types of malware. The collection and analysis of volatile memory is a dynamic field of research in cybersecurity, providing valuable insight into a variety of malicious vectors. The proposed work explores memory forensics, capturing multiple memory images of a system at different points in time to identify and analyze the presence of fileless malware. The approach aims to overcome the constraints of traditional memory analysis, which typically relies on a single memory image. The results show the efficiency of the proposed method in improving detection accuracy and reducing false positives.


Authors
M. P. Swapna, Center for CyberSecurity Systems and Networks, Amrita Vishwa Vidyapeetham, Amritapuri, Kollam, India

J. Ramkumar, Department of Information Technology and Cognitive Systems, Sri Krishna Arts and Science College, Coimbatore, India


Paper information

Year of publication: 2024
Citations: 0
Country of publication: Andorra
Site: Springer
Likes: 0

Related papers (230)