Detecting Windows Based Exploit Chains by Means of Event Correlation and Process Monitoring
Journal article, Peer reviewed
Accepted version
Permanent link: http://hdl.handle.net/11250/2624131
Publication date: 2019
Original version (DOI): 10.1007/978-3-030-12385-7_73
Abstract
This article presents a novel algorithm for the detection of exploit chains in a Windows-based environment. An exploit chain is a group of exploits that executes synchronously in order to achieve system exploitation. Unlike high-risk vulnerabilities that allow system exploitation in a single execution step, an exploit chain takes advantage of multiple medium- and low-risk vulnerabilities. These are grouped to form a chain of exploits that, when executed, achieves the exploitation of the system. Experiments were performed to check the effectiveness of the developed algorithm against multiple anti-virus/anti-malware solutions available on the market.