LNN-Powered Logic Bomb Detection of RCE Vulnerabilities in Registry Activity for Windows 11 - A Case Study

Authors

  • Jaimin Jani, Kriti Sankhla, Riddhi Desai, Angira Patel, Harish Morwani, Kamakshi V. Kaul

Keywords:

Liquid Neural Networks (LNN), Remote Code Execution (RCE), vulnerabilities, Windows 11, registry activity

Abstract

The prevalence of Remote Code Execution (RCE) vulnerabilities endangers the security of modern computing systems, especially when they are used in complex attack vectors such as logic bombs. These malicious scripts, frequently embedded within normal processes, use registry activity to perform damaging actions once specified conditions are met. This study describes a novel approach to detecting logic bomb activity using Liquid Neural Networks (LNN) in the context of Windows 11 registry activity. By continuously monitoring and analyzing registry changes, our LNN model effectively detects unusual patterns that indicate potential RCE exploits. The paper describes how to acquire registry activity data, extract features from it, and then train the LNN model. Through thorough testing, our technique exhibits high detection accuracy, providing a strong solution for preventive identification. The study uses Liquid Neural Networks (LNN) to discover and flag harmful modifications that may indicate logic bombs.

Published

17.06.2024

How to Cite

Jaimin Jani. (2024). LNN-Powered Logic Bomb Detection of RCE Vulnerabilities in Registry Activity for Windows 11 - A Case Study. International Journal of Intelligent Systems and Applications in Engineering, 12(21s), 4037 –. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/6201

Section

Research Article