Detecting Windows Based Exploit Chains by Means of Event Correlation and Process Monitoring
Journal article, Peer reviewed
Accepted version

View/ Open
Date
2019Metadata
Show full item recordCollections
Original version
10.1007/978-3-030-12385-7_73Abstract
This article presents a novel algorithm for the detection of exploit chains in a Windows based environment. An exploit chain is a group of exploits that executes synchronously, in order to achieve the system exploitation. Unlike high-risk vulnerabilities that allow system exploitation using only one execution step, an exploit chain takes advantage of multiple medium and low risk vulnerabilities. These are grouped, in order to form a chain of exploits that when executed achieve the exploitation of the system. Experiments were performed to check the effectiveness of developed algorithm against multiple anti-virus/anti-malware solutions available in the market.