grizzly/deneir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

start writing

Browse source
This commit is contained in:
Arthur 2024-11-22 16:33:25 +01:00
parent 0381009448
commit e3c313e93c
5 changed files with 3201 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

28
procver/ACNS/notes.txt Normal file
View file

@ -0,0 +1,28 @@
Main Points for the Introduction
Background and Motivation:
The increasing sophistication of malware and attack techniques, such as rootkits and masquerading processes, poses significant challenges to traditional detection mechanisms.
Hidden or masqueraded processes can evade standard tools by leveraging techniques like kernel-level manipulation, API hooking, or process injection.
Limitations of Current Approaches:
Signature-based and behavior-based detection methods are often circumvented by polymorphic or fileless malware.
Existing tools may struggle to differentiate between legitimate and malicious processes, especially when attackers mimic trusted processes.
Emerging Focus on Side-Channel Analysis:
Side-channel data, such as power consumption, has emerged as a promising non-invasive means of system monitoring.
Power consumption patterns inherently reflect the activity of running processes, including their computational and memory usage characteristics.
Research Gap:
While side-channel data has been explored for other applications, its potential for detecting hidden or masqueraded processes remains underexplored.
A reliable method to associate anomalous power consumption patterns with malicious process activity could significantly enhance detection capabilities.
Proposed Contribution:
Introduction of a novel method leveraging power consumption patterns to detect hidden or masqueraded processes.
Description of how the method identifies deviations from expected power usage profiles using advanced statistical or machine learning techniques.
Significance of the Work:
The proposed method offers a complementary tool to traditional detection systems, enhancing system security.
Its ability to utilize hardware-level data reduces reliance on potentially compromised software-based mechanisms.
Structure of the Article:
Overview of the proposed method, followed by an in-depth explanation of the methodology, experimental setup, results, and discussion on implications and limitations.