检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:Sudhakar Sushil Kumar
机构地区:[1]School of Computer&Systems Sciences,Jawaharlal Nehru University,110067,New Delhi,India [2]Indian Computer Emergency Response Team,Ministry of Electronics&Information Technology,110003,New Delhi,India [3]School of Computer&Systems Sciences,Jawaharlal Nehru University,110067,New Delhi,India.
出 处:《Cybersecurity》2020年第1期42-53,共12页网络空间安全科学与技术(英文)
摘 要:With the evolution of cybersecurity countermeasures,the threat landscape has also evolved,especially in malware from traditional file-based malware to sophisticated and multifarious fileless malware.Fileless malware does not use traditional executables to carry-out its activities.So,it does not use the file system,thereby evading signature-based detection system.The fileless malware attack is catastrophic for any enterprise because of its persistence,and power to evade any anti-virus solutions.The malware leverages the power of operating systems,trusted tools to accomplish its malicious intent.To analyze such malware,security professionals use forensic tools to trace the attacker,whereas the attacker might use anti-forensics tools to erase their traces.This survey makes a comprehensive analysis of fileless malware and their detection techniques that are available in the literature.We present a process model to handle fileless malware attacks in the incident response process.In the end,the specific research gaps present in the proposed process model are identified,and associated challenges are highlighted.
关 键 词:Fileless malware BOTNET Incident response Memory forensics Incident investigation Memory resident malware ROOTKIT
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:18.119.100.196
