Monitoring of RPC Messages with ALPC-Level API Hooking

Bibliographic Details
Published in: 2024 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR), pp. 1-6
Main Authors: Andrei-Marius, Muntea, Radu-Marian, Portase, Gheorghe, Sebestyen-Pal
Format: Conference Proceeding
Language: English
Published: IEEE 16.05.2024
Summary: In an attempt to remain undetectable, malicious programs try to use legitimate code calls in order to penetrate a computer system. In this research paper, we present a threat model centred around RPC (Remote Procedure Call) communication utilizing ALPC (Advanced Local Procedure Call) and propose a method for evaluating and testing detection techniques under these conditions. Additionally, our research presents a monitoring approach that is effective for both documented and undocumented interfaces, thereby improving the identification and comprehension of cyber threats.
ISBN: 9798350361919
ISSN: 1844-7872
DOI: 10.1109/AQTR61889.2024.10554183