• Title/Summary/Keyword: DLL/Code injection

Search Result 1, Processing Time 0.043 seconds

A Study on the Tracking and Blocking of Malicious Actors through Thread-Based Monitoring (스레드 기반 모니터링을 통한 악의적인 행위 주체 추적 및 차단에 관한 연구)

  • Ko, Boseung;Choi, Wonhyok;Jeong, Dajung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.1
    • /
    • pp.75-86
    • /
    • 2020
  • With the recent advancement of malware, the actors performing malicious tasks are often not processes. Malicious code injected into the process that is installed by default in the operating system works thread by thread in the same way as DLL / code injection. In this case, diagnosing and blocking the process as malicious can cause serious problems with system operation. This white paper lists the problems of how to use process-based monitoring information to identify and block the malicious state of a process and presents an improved solution.