code injection

Malwares have grown drastically in recent years. Furthermore, the behavior of the newly produced malwares are getting more complex and shrewd. This paper present malware detection methods and especially focus on code and DLL injection attacks. Novel malwares try to obfuscate and hide their behavior through the injection of malicious code in allocated memory and binary file of trusted applications. By data mining on massive volume of malwares, the proposed method of the paper derive chain of API calls through installing logger hook at the kernel space of the operating system in order to model the malicious behavior of code/DLL injection based on linear regression function. The proposed method use association rules machine learning based on Apriori algorithm for early detection of attacks and is able to prevent completion of the attack by blocking remote thread creation. Finnaly, the accuracy of the proposed method is evaluated using dataset from valid references and the results are compared with available Antivirus tools under the same conditions. Results of the evaluation indicate that the proposed method can recognize code/DLL injection attacks by the accuracy of about 94%. Moreover, success coefficient of the proposed self-defense system is evaluated of 88.88% against real code/DLL injection attacks.