How we trained an ML model to detect DLL hijacking
#1
Bug 
Quote:DLL hijacking is a common technique in which attackers replace a library called by a legitimate process with a malicious one. It is used by both creators of mass-impact malware, like stealers and banking Trojans, and by APT and cybercrime groups behind targeted attacks. In recent years, the number of DLL hijacking attacks has grown significantly.

Trend in the number of DLL hijacking attacks. 2023 data is taken as 100% (download)

We have observed this technique and its variations, like DLL sideloading, in targeted attacks on organizations in Russia, Africa, South Korea, and other countries and regions. Lumma, one of 2025’s most active stealers, uses this method for distribution. Threat actors trying to profit from popular applications, such as DeepSeek, also resort to DLL hijacking.

Detecting a DLL substitution attack is not easy because the library executes within the trusted address space of a legitimate process. So, to a security solution, this activity may look like a trusted process. Directing excessive attention to trusted processes can compromise overall system performance, so you have to strike a delicate balance between a sufficient level of security and sufficient convenience.
...
Developing a machine-learning model to detect DLL hijacking
Reply
#2
Detecting DLL hijacking with machine learning: real-world cases
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Microsoft releases KB5070773 out of band...
Microsoft has rele...harlan4096 — 10:23
AdGuard for iOS v4.5.14
AdGuard for iOS v4...harlan4096 — 08:49
AVLab.pl - Advanced In-The-Wild Malware ...
Hi Community We...harlan4096 — 08:48
K. STANDARD / PLUS / PREMIUM 21.23
K. STANDARD / PLUS /...harlan4096 — 07:12
Notepad++ 8.8.7
Notepad++ 8.8.7 ...harlan4096 — 07:09

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (47)Michaelaceve
avatar (37)QuadirLigh
avatar (38)Mblippek
avatar (44)viecontAceve
avatar (40)Michaelcrini

[-]
Online Staff
There are no staff members currently online.

>