Monitoring of RPC Messages with ALPC-Level API Hooking
Published in | 2024 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR) pp. 1 - 6 |
---|---|
Main Authors | , , |
Format | Conference Proceeding |
Language | English |
Published | IEEE, 16.05.2024 |
Summary: | In an attempt to remain undetectable, malicious programs try to use legitimate code calls in order to penetrate a computer system. In this research paper, we present a threat model centred around RPC (Remote Procedure Call) communication utilizing ALPC (Advanced Local Procedure Call) and propose a method for evaluating and testing detection techniques under these conditions. Additionally, our research presents a monitoring approach that is effective for both documented and undocumented interfaces, thereby improving the identification and comprehension of cyber threats. |
---|---|
ISBN: | 9798350361919 |
ISSN: | 1844-7872 |
DOI: | 10.1109/AQTR61889.2024.10554183 |