Fileless cyberattacks: Analysis and classification |
| |
| Authors: | GyungMin Lee ShinWoo Shim ByoungMo Cho TaeKyu Kim Kyounggon Kim |
| |
| Affiliation: | 1. School of Cybersecurity, Korea University, Seoul, Rep. of Korea;2. Intelligent SW Research Center, LIG Nex1, Seoul, Rep. of Korea |
| |
| Abstract: | With cyberattack techniques on the rise, there have been increasing developments in the detection techniques that defend against such attacks. However, cyber attackers are now developing fileless malware to bypass existing detection techniques. To combat this trend, security vendors are publishing analysis reports to help manage and better understand fileless malware. However, only fragmentary analysis reports for specific fileless cyberattacks exist, and there have been no comprehensive analyses on the variety of fileless cyberattacks that can be encountered. In this study, we analyze 10 selected cyberattacks that have occurred over the past five years in which fileless techniques were utilized. We also propose a methodology for classification based on the attack techniques and characteristics used in fileless cyberattacks. Finally, we describe how the response time can be improved during a fileless attack using our quick and effective classification technique. |
| |
| Keywords: | classification cyber security cyberattack fileless malware |
|
|
