dc.description.abstract |
Over the years, reliance on digital technologies, networked systems, the internet and
information technology solutions has consistently increased. This increased dependency has
expanded the cyber threat spectrum by creating more opportunities for the execution of
malicious software. The diversity and complexity of cyber threats continue to evolve,
posing challenges for cyber security professionals. Malware is a constant and enduring
component of the cyber threat spectrum. It is one of the malicious tools that
attackers use to achieve their agendas. Malware can be categorised as traditional
malware, e.g., a virus, worm, or RAT, and unconventional malware, such as fileless malware.
Traditional malware relies on executables and thus can be detected through signature-based or
heuristic techniques. Anti-malware solutions can detect traditional malware
more effectively through traditional detection techniques such as signature-based
detection. Attackers prefer malware that does not require files or executables but instead
relies on tools and programs already running in the system. This type of malware is known as
fileless malware. Being fileless in nature, it easily evades traditional detection mechanisms.
Microsoft Windows, with a promising GUI, is the most widely used OS. Thus it is
the OS mostly targeted by fileless malware. This study considers the detection of fileless
malware using Windows artifacts, with a focus on scenarios in which third-party tools
are either not available or not effective for a specific fileless threat. The proposed
detection technique forms the basis for the development of more effective security solutions
to detect and mitigate fileless malware attacks. |
en_US |