Detecting Windows Based Exploit Chains by Means of Event Correlation and Process Monitoring
Journal article, Peer reviewed
Accepted version
Permanent link: http://hdl.handle.net/11250/2624131
Publication date: 2019
Original version: 10.1007/978-3-030-12385-7_73
Abstract
This article presents a novel algorithm for the detection of exploit chains in a Windows-based environment. An exploit chain is a group of exploits that execute synchronously in order to achieve system exploitation. Unlike high-risk vulnerabilities that allow system exploitation in a single execution step, an exploit chain takes advantage of multiple medium- and low-risk vulnerabilities. These are grouped to form a chain of exploits that, when executed, achieves exploitation of the system. Experiments were performed to check the effectiveness of the developed algorithm against multiple anti-virus/anti-malware solutions available on the market.