ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2021, Vol. 58 ›› Issue (5): 1035-1044.doi: 10.7544/issn1000-1239.2021.20200937

Special Issue: Artificial Intelligence Security and Privacy Protection Technology (2021)


Digital Currency Features Oriented Fine-Grained Code Injection Attack Detection

Sun Cong (1), Li Zhankui (1,2), Chen Liang (1), Ma Jianfeng (1), Qiao Xinbo (1)

  1. School of Cyber Engineering, Xidian University, Xi'an 710071
  2. HUAWEI Technologies Co., Ltd, Xi'an 710075

  • Online: 2021-05-01
  • Supported by: This work was supported by the National Natural Science Foundation of China (61872279) and the Key Research and Development Program of Shaanxi Province (2020GY-004, 2019ZDLGY12-06).

Abstract: Digital currencies have developed rapidly and emerged as a critical form of our payment system. Consequently, the applications and platforms of digital currencies and their payment services are extensively exposed to various exploits by malware. In a typical scenario, modern ransomware usually leverages digital currencies as the medium of payment. State-of-the-art code injection attack detection has rarely considered such digital currency-related memory features, and thus can hardly identify the malicious behaviors of ransomware. To mitigate this issue, we propose a fine-grained scheme of memory forensics to facilitate the detection of host-based code injection attacks with the ability to identify ransomware. We capture the digital currency-related memory features exhibited in the procedure of inducing the victims to pay. We incorporate such memory features into a set of general memory features and implement a fine-grained detection system for code injection attacks. According to the experimental results, the new scheme of memory forensics effectively improves the performance of the state-of-the-art detection system on different metrics. Meanwhile, our approach enables detection systems for host-based code injection attacks to capture the behaviors of ransomware precisely. Moreover, the extraction of the newly proposed memory features is efficient, and our detection system is capable of detecting unknown malware families.
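As an added illustration of what a "digital currency-related memory feature" can look like in practice (example code written for this page, not the authors' feature extractor, whose exact feature set is not given in the abstract): the block below scans one raw memory region for Bitcoin-style Base58Check addresses, validates their checksums, and counts ransom-note vocabulary. The address-shape regex, the keyword list, and the sample region are constructed assumptions for the example; the Base58Check validation itself is the standard version-byte + hash160 + double-SHA256 checksum scheme. Wide (UTF-16LE) strings are scanned at both byte alignments, since ransom notes on Windows are frequently stored that way.

```python
import hashlib
import re
from typing import Dict, List

# Base58 alphabet used by Bitcoin addresses (no 0, O, I, l).
_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Candidate legacy address shape: leading 1 (P2PKH) or 3 (P2SH), 26-35 Base58 chars,
# not embedded inside a longer alphanumeric token. Assumed shape for this example.
_ADDR_RE = re.compile(r"(?<![0-9A-Za-z])[13][1-9A-HJ-NP-Za-km-z]{25,34}(?![0-9A-Za-z])")
# Ransom-note vocabulary: a constructed list for this example, not the paper's feature set.
_KEYWORDS = ("bitcoin", "btc", "decrypt", "wallet", "ransom")


def is_valid_base58check(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 bytes equal the
    double-SHA256 checksum of the first 21 (version byte + hash160)."""
    n = 0
    for ch in addr:
        idx = _B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    # Each leading '1' encodes a leading zero byte that the integer form loses.
    leading_zeros = len(addr) - len(addr.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    raw = b"\x00" * leading_zeros + body
    if len(raw) != 25:
        return False
    checksum = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    return checksum == raw[21:]


def _text_views(region: bytes) -> List[str]:
    """Decode a raw region as latin-1 (narrow strings) and as UTF-16LE at both
    byte alignments (wide strings), so addresses stored either way are found."""
    views = [region.decode("latin-1")]
    for offset in (0, 1):
        views.append(region[offset:].decode("utf-16-le", errors="ignore"))
    return views


def extract_currency_features(region: bytes) -> Dict[str, object]:
    """Build a small currency-oriented feature record from one memory region."""
    candidates = set()
    keyword_hits = set()
    for view in _text_views(region):
        candidates.update(_ADDR_RE.findall(view))
        lowered = view.lower()
        keyword_hits.update(k for k in _KEYWORDS if k in lowered)
    valid = sorted(a for a in candidates if is_valid_base58check(a))
    return {
        "candidate_count": len(candidates),   # address-shaped tokens seen
        "valid_count": len(valid),            # tokens that pass the checksum
        "valid_addresses": valid,
        "keyword_hits": len(keyword_hits),    # distinct ransom-note words present
    }


# Constructed sample region: benign DLL name, a narrow-string ransom note with a
# real (well-known genesis block) address, then a wide-string copy of a corrupted
# address (last character changed, so its checksum fails) at an odd byte offset.
SAMPLE_REGION = (
    b"kernel32.dll\x00" * 2
    + b"Send 0.5 BTC to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa to decrypt your files. "
    + b"Your personal wallet id: "
    + b"\x00" * 6  # odd-length gap: the wide string below starts at an odd offset
    + "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb".encode("utf-16-le")
    + b"\x00" * 8
)

if __name__ == "__main__":
    print(extract_currency_features(SAMPLE_REGION))
```

In a full pipeline the record above would be computed per process memory region (for example from a Volatility-style dump) and concatenated with the general memory features that the detector already uses; the checksum test matters because plain regex matches alone produce many false candidates in ordinary process memory.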

Key words: code injection attack, machine learning, memory forensics, ransomware, digital currency
