Evaluation of Persistence Methods Used by Malware on Microsoft Windows Systems

Amélie Dieterich, Matthias Schopp, Lars Stiemert, Christoph Steininger, Daniela Pöhn

2023

Abstract

The usage of persistence methods has become common, as adversaries seek to remain undetected with their malware on systems for longer periods. This raises the question of how effective frequently used persistence methods are across different versions of the Microsoft Windows operating system. To answer this question, a metric is developed by which persistence methods can be quantitatively evaluated and compared. The metric is subsequently applied to eight persistence mechanisms across four different Microsoft Windows operating systems. In our results, there is no difference in the performance of methods between operating systems and a majority of mechanisms scored similarly overall. There is, however, a significant decline in performance when defensive mechanisms are enabled. The results emphasize the effectiveness of basic persistence methods of Microsoft Windows operating systems.


Paper Citation


in Harvard Style

Dieterich A., Schopp M., Stiemert L., Steininger C. and Pöhn D. (2023). Evaluation of Persistence Methods Used by Malware on Microsoft Windows Systems. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 552-559. DOI: 10.5220/0011710200003405


in Bibtex Style

@conference{icissp23,
author={Amélie Dieterich and Matthias Schopp and Lars Stiemert and Christoph Steininger and Daniela Pöhn},
title={Evaluation of Persistence Methods Used by Malware on Microsoft Windows Systems},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2023},
pages={552-559},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011710200003405},
isbn={978-989-758-624-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Evaluation of Persistence Methods Used by Malware on Microsoft Windows Systems
SN - 978-989-758-624-8
AU - Dieterich A.
AU - Schopp M.
AU - Stiemert L.
AU - Steininger C.
AU - Pöhn D.
PY - 2023
SP - 552
EP - 559
DO - 10.5220/0011710200003405