Journal of Ambient Intelligence and Humanized Computing | 2021

Hypervisor injection attack using X-cross API calls (HI-API attack)

 

Abstract


Advanced cyber-attacks emphasize stealth and persistence: the longer they stay under the radar, the more they are able to move laterally, exfiltrate information and cause harm. Attackers are increasingly turning to cross-process injection to evade detection. Cross-process injection lets attackers execute malicious code that takes on the appearance of a legitimate process. Code injection does not require attackers to use specific procedures that can be quickly distinguished. Instead, they insert malicious code into a normal process (e.g. explorer.exe, regsvr32.exe, svchost.exe…), giving their operations a greater degree of secrecy and apparent innocuousness. For the purpose of detecting malware injection, the hypervisor injection attack proposed in this paper, which uses a method of X-cross application programming interface calls (API-HI-attack), raises awareness that malware is injecting into the simulation tool with X-cross-language API calls. The experimental results of the proposed work show that antimalware protectors need to pay more attention to API call hooking at process-level injection by X-cross languages. The results show that the proposed method achieves a high true positive rate (92.96%) and a lower false positive rate (0.07%) than the existing methods.

Pages 1-7
DOI 10.1007/s12652-020-01837-y
Language English
Journal Journal of Ambient Intelligence and Humanized Computing