Stealth Eye: Behavioral Analysis for Fileless Malware Detection

Abstract

Fileless malware is a significant cybersecurity threat as it is entirely present in system memory and evades traditional signature-based detection methods. This paper introduces STEALTH EYE, an endpoint behavioral analysis framework for detecting fileless malware, such as ransomware, spyware, trojans, and RedLine Stealer, in real time. The framework utilizes an endpoint agent that monitors system activity in real time and captures snapshots of behavior every 60 seconds for real- time threat analysis. These captures track memory injections, DLL loading and execution, file and handle operations, service activity, process and thread behavior, registry modifications, network communications, cryptographic function usage, keystroke logging, and clipboard access. The data that is collected is analyzed through supervised machine learning mechanisms to detect patterns that indicate fileless malware activity. In contrast to traditional post-infection forensic approaches, STEALTH EYE provides real-time monitoring, notification, and active response with enhanced cybersecurity resilience against the widespread fileless attacks.