Figure 2 - available via license: CC BY
Content may be subject to copyright.
Relationships among the EAX register (a 32-bit processor register of x86 CPUs), the service descriptor table (SDT), and the system service dispatch table (SSDT).

Source publication
Article
Full-text available
Nowadays, antivirus is one of the most popular tools used to protect computer systems. Diverse antivirus vendors have been established to protect their customers against malware. However, antivirus faces some critical problems, such as long detection windows, vulnerabilities inside the antivirus itself, and long scanning times. In this paper, we recommend a...

Contexts in source publication

Context 1
... service descriptor tables hold a critical kernel structure called SystemServiceTable to record important information about an SSDT. Figure 2 illustrates how the EAX register and service descriptor tables are used to find the entry point of a service routine. Two SSTs are declared in KeServiceDescriptorTableShadow. ...
Context 3
... WP flag is set to 0, the read-only memory can be written to in kernel mode. On the other hand, if WP flag is set to 1, the ... (Figure 2 caption: Relationships among the EAX register (a 32-bit processor register of x86 CPUs), service descriptor table (SDT), and system service dispatch table (SSDT).) ...
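The lookup that Figure 2 and Context 1 describe, and the CR0.WP condition from Context 3, as an added example in user-space C (this is not code from the paper). The bit conventions are the real x86 ones: EAX bits 0-11 index the SSDT, bits 12-13 select the SST in the shadow descriptor table, and CR0 bit 16 is WP. Everything else is an assumption for illustration: the SST layout is simplified, the image ranges, SSDT contents and CR0 value are constructed, and the hook installer models the write-protect check instead of touching CR0.

```c
/* Added example, not code from the paper: a user-space model of the lookup in
 * Figure 2 (EAX -> service descriptor table -> SSDT entry) and of two checks
 * that follow from it: an SSDT-hook detector (an entry pointing outside the
 * image that owns it) and the CR0.WP gate a hook installer must clear before
 * the read-only table can be written. Layouts are simplified and every address
 * below is constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One SystemServiceTable (SST) as recorded in the service descriptor table. */
typedef struct {
    uintptr_t *ServiceTableBase;        /* the SSDT: array of service routine addresses */
    uint32_t  *ServiceCounterTableBase; /* per-service call counters; unused here */
    uint32_t   NumberOfServices;        /* valid entries in ServiceTableBase */
    uint8_t   *ParamTableBase;          /* bytes of stack arguments per service */
} SYSTEM_SERVICE_TABLE;

#define CR0_WP          (1u << 16) /* CR0.WP: while clear, ring 0 may write read-only pages */
#define EAX_INDEX_MASK  0x0FFFu    /* EAX bits 0-11: index into the selected SSDT */
#define EAX_TABLE_SHIFT 12         /* EAX bits 12-13: which SST of the shadow table */
#define EAX_TABLE_MASK  0x3u

/* Constructed image ranges: ntoskrnl owns SST 0, win32k owns SST 1. */
static const uintptr_t IMAGE_LO[2] = { 0x80400000u, 0xBF800000u };
static const uintptr_t IMAGE_HI[2] = { 0x80800000u, 0xBFA00000u };

/* Constructed SSDT contents; in a live kernel these are the Nt... and NtUser... entry points. */
static uintptr_t nt_ssdt[4]    = { 0x80500010u, 0x80500120u, 0x80500230u, 0x80500340u };
static uintptr_t w32_ssdt[2]   = { 0xBF810000u, 0xBF810100u };
static uint8_t   nt_params[4]  = { 8, 12, 16, 4 };
static uint8_t   w32_params[2] = { 0, 4 };

/* KeServiceDescriptorTableShadow: four slots on x86, two of them declared. */
static SYSTEM_SERVICE_TABLE KeServiceDescriptorTableShadow[4] = {
    { nt_ssdt,  NULL, 4, nt_params  },
    { w32_ssdt, NULL, 2, w32_params },
    { NULL, NULL, 0, NULL },
    { NULL, NULL, 0, NULL },
};

/* The Figure 2 lookup: EAX selects the SST and the index, the index is
 * bounds-checked against NumberOfServices, and the SSDT slot yields the
 * entry point. Returns 0 for an invalid system call number. */
uintptr_t resolve_service(uint32_t eax) {
    uint32_t table = (eax >> EAX_TABLE_SHIFT) & EAX_TABLE_MASK;
    uint32_t index = eax & EAX_INDEX_MASK;
    const SYSTEM_SERVICE_TABLE *sst = &KeServiceDescriptorTableShadow[table];
    if (sst->ServiceTableBase == NULL || index >= sst->NumberOfServices)
        return 0;
    return sst->ServiceTableBase[index];
}

/* Detector: every entry of SST `table` should point into the image that owns
 * it; anything outside that range has been hooked. Returns the count, or -1
 * for a table that is not declared. */
int count_hooked_entries(uint32_t table) {
    if (table > 1) return -1;
    const SYSTEM_SERVICE_TABLE *sst = &KeServiceDescriptorTableShadow[table];
    int hooked = 0;
    for (uint32_t i = 0; i < sst->NumberOfServices; i++) {
        uintptr_t entry = sst->ServiceTableBase[i];
        if (entry < IMAGE_LO[table] || entry >= IMAGE_HI[table])
            hooked++;
    }
    return hooked;
}

/* The WP gate from Context 3: the installer clears CR0.WP before the write
 * and restores the saved CR0 afterwards. */
uint32_t clear_wp(uint32_t cr0) { return cr0 & ~CR0_WP; }

/* Installer: refuses to write while WP is set (on real hardware the store
 * would fault). Returns the previous entry, or 0 if nothing was written. */
uintptr_t install_hook(uint32_t cr0, uint32_t eax, uintptr_t new_routine) {
    if (cr0 & CR0_WP) return 0;
    uint32_t table = (eax >> EAX_TABLE_SHIFT) & EAX_TABLE_MASK;
    uint32_t index = eax & EAX_INDEX_MASK;
    SYSTEM_SERVICE_TABLE *sst = &KeServiceDescriptorTableShadow[table];
    if (sst->ServiceTableBase == NULL || index >= sst->NumberOfServices)
        return 0;
    uintptr_t old = sst->ServiceTableBase[index];
    sst->ServiceTableBase[index] = new_routine;
    return old;
}

int main(void) {
    uint32_t saved_cr0 = 0x80050033u; /* constructed: PG, WP, AM, NE, ET, MP, PE set */
    printf("EAX=0x0001 -> %#lx\n", (unsigned long)resolve_service(0x0001u));
    printf("hooked entries before: %d\n", count_hooked_entries(0));
    printf("write with WP=1 -> %#lx (refused)\n",
           (unsigned long)install_hook(saved_cr0, 0x0001u, 0xF7A00000u));
    uint32_t cr0 = clear_wp(saved_cr0);
    printf("write with WP=0 -> old entry %#lx\n",
           (unsigned long)install_hook(cr0, 0x0001u, 0xF7A00000u));
    cr0 = saved_cr0; /* restore the saved CR0 value */
    printf("hooked entries after: %d, EAX=0x0001 -> %#lx\n",
           count_hooked_entries(0), (unsigned long)resolve_service(0x0001u));
    return 0;
}
```

The detector is the check an antivirus or anti-rootkit driver runs over the real tables: walk each declared SST and flag any ServiceTableBase entry that does not fall inside the image that should own it. The installer side shows why Context 3 matters: with WP set, the table page is read-only even to ring 0, so the write never lands.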

Similar publications

Article
Full-text available
Android malware poses serious security and privacy threats to mobile users. Traditional malware detection and family classification technologies are becoming less effective due to the rapid evolution of the malware landscape, with the emergence of so-called zero-day malware families. To address this issue, our paper presents a novel resea...

Citations

... The use of antivirus causes non-trivial overhead. It usually takes several hours to scan the host (Hsu, Lee, Luo and Chang, 2019). A Virtual Private Network (VPN) is an encrypted network connection between private networks over a public network (Zeeshan, 2018). ...
Article
Full-text available
The Nunukan District Court currently uses technology and information systems to improve services to the community. However, the use of these systems is not accompanied by the application of information security. This leaves the Nunukan District Court vulnerable to attacks and threats such as viruses, phishing, DDoS and others. To address this, this research designed an implementation of a Next-Generation Firewall (NGFW) to protect the Nunukan District Court's information technology and systems from such attacks and threats. Tests conducted at the Nunukan District Court showed that the Next-Generation Firewall prevented the attacks and threats used in testing. This study also found an increase in network performance at the Nunukan District Court. Several features were implemented, such as web filtering, antivirus, IPS and anti-DDoS, which were seen to prevent attacks and threats against the information system used at the Nunukan District Court. The applied design also relieves the on-premises firewall device at the Nunukan District Court, because the security scanning function is offloaded to the NGFW device in the cloud, which increases internet access performance.
... We were able to prove such behavior by creating a harmless PowerShell script that just displays a "hello world" message and obfuscating the file using AES; this file was also detected as malicious by several antivirus programs. The file was uploaded to VirusTotal [77,78] on 18 May 2021, and it was labeled as malicious by 9 antivirus programs. ...
Article
Full-text available
The detection and classification of threats in computer systems has been one of the main problems researched in cybersecurity. As technology evolves, the tactics employed by adversaries have also become more sophisticated in order to evade detection systems. In consequence, systems that previously detected and classified those threats are now outdated. This paper proposes a detection system based on the analysis of events and matching the risk level with the MITRE ATT&CK matrix and the Cyber Kill Chain. Extensive testing of attacks, using nine malware codes and applying three different obfuscation techniques, was performed. Each malicious code was analyzed using the proposed event management system and also executed in a controlled environment to examine whether commercial malware detection systems (antivirus) were successful. The results show that evasion techniques such as obfuscation and in-memory extraction of malicious payloads impose unexpected difficulties on standard antivirus software.