
A REVIEW PAPER ON API MALWARE ANALYSIS AND FORENSICS


International Research Journal of Engineering and Technology (IRJET)

e-ISSN: 2395-0056

Volume: 10 Issue: 06 | Jun 2023

p-ISSN: 2395-0072

www.irjet.net

VEESAM SAI VAMSI

Student, Department of Information Security, School of Computer Science and Engineering, Vellore Institute of Technology, Vellore – 632014, Tamil Nadu, India.

Abstract - A significant area of cybersecurity study is API Malware Analysis and Forensics. It is crucial to have effective defences in place to identify and stop malware assaults through APIs since they can have catastrophic effects. The goal of the article is to give a broad overview of the state of the art in API malware analysis and forensics, as well as the methods and equipment employed to identify, evaluate, and counteract API-based malware attacks.

The paper will explore the various kinds of malware that can be distributed through APIs, such as backdoors, command and control (C2) servers, and Remote Access Trojans (RATs). Additionally, an overview of the various methods for detecting malware in APIs, such as static and dynamic analysis, will be provided.

This paper's overall goal is to provide a thorough overview of API malware analysis and investigation, encompassing several methods and instruments that are used to find and examine API malware. This study also emphasizes the significance of taking proactive steps to prevent API-based malware attacks, such as routinely testing APIs for vulnerabilities, putting security protocols in place, and utilizing cutting-edge security technologies to detect and mitigate API-based malware assaults.

Key Words: Malware Analysis, Forensics Investigations, Malware Attacks.

1. INTRODUCTION

Software programmers can connect and interact with one another thanks to a collection of protocols, procedures, and tools called an application programming interface (API). Regardless of the underlying hardware and operating systems, APIs offer a standard method for data and service interchange across various software components [10] [12]. In software development, APIs play a crucial role in creating modular and scalable applications. By using APIs, developers can break down complex systems into smaller, independent components that can be developed, tested, and deployed separately. APIs also allow developers to reuse existing code and services, saving time and reducing development costs [10] [12].

APIs can be used in a variety of software applications, including web applications, mobile apps, and desktop software. They are often used to integrate different software systems, such as connecting a front-end web application to a back-end database [10] [12].

However, APIs can also be a potential security vulnerability. Malicious actors can exploit weaknesses in API design and implementation to launch attacks, such as API malware attacks. Therefore, it is important for developers and security professionals to implement proper security measures and conduct regular API security testing to ensure the integrity of their systems [10].

1.1 KEY CHARACTERISTICS OF API SECURITY THAT DISTINGUISH IT FROM TRADITIONAL SECURITY

1. A castle with many openings and no moat: In the past, popular ports like 80 (HTTP) and 443 (HTTPS) were all that needed to be protected on traditional networks. There are several API endpoints that employ various protocols in today's web apps. Even one API can make security a challenging task because APIs often grow over time [3].

2. Incoming request formats that change frequently: In a DevOps context, APIs change quickly, and most WAFs cannot handle this level of elasticity. Traditional security tools require manual tuning and reconfiguration whenever an API changes, which is an error-prone procedure that uses up resources and time [3].

3. Clients often do not use a web browser: The majority of native and mobile applications, as well as other services and software components, have access to service or microservice APIs. Web security technologies cannot employ browser verification on these clients since they don't use browsers. Automated traffic from API endpoints is typically difficult to exclude for solutions that rely on browser verification to detect harmful bots [3].

Examining incoming requests does not guarantee detecting attacks; many API abuse attacks exploit requests that look legitimate.

1.2 THREAT OF API MALWARE ATTACKS

API malware attacks are a type of cyberattack that uses APIs to inject and execute malicious code on a targeted system. Malware is often hidden in API calls, which can then be used

© 2023, IRJET | Impact Factor value: 8.226 | ISO 9001:2008 Certified Journal | Page 1040

