Affiliation of Author(s):计算机科学与技术学院/人工智能学院/软件学院
Journal:SECURITY AND COMMUNICATION NETWORKS
Abstract:Research on endpoint security involves both traditional PC platform and prevalent mobile platform, among which the analysis of software vulnerability and malware is one of the important contents. For researchers, it is necessary to carry out nonstop exploration of the insecure factors in order to better protect the endpoints. Driven by this motivation, we propose a new threat model named Process Memory Captor (PMCAP) on the Windows operating system which threatens the live process volatile memory data. Compared with other threats, PMCAP aims at dynamic data in the process memory and uses a noninvasive approach for data extraction. In this paper we describe and analyze the model and then give a detailed implementation taking four popular web browsers IE, Edge, Chrome, and Firefox as examples. Finally, the model is verified through real experiments and case studies. Compared with existing technologies, PMCAP can extract valuable data at a lower cost; some techniques in the model are also suitable for memory forensics and malware analysis.
ISSN No.:1939-0114
Translation or Not:no
Date of Publication:2017-01-01
Co-author:Pan, Jiaye
Correspondence Author:zy
Date of Publication:2017-01-01