On Emulation-Based Network Intrusion Detection Systems

Authors: Ali Abbasi, Jos Wetzels, Wouter Bokslag, Emmanuele Zambon, Sandro Etalle

DOI: 10.1007/978-3-319-11379-1_19

Keywords: Shellcode, Network packet, Signature (logic), Emulation, Computer science, Process (computing), Network intrusion detection, Embedded system, Evasion (network security), Encoder

Abstract: Emulation-based network intrusion detection systems have been devised to detect the presence of shellcode in network traffic by trying to execute (portions of) the packet payloads in an instrumented environment and checking the execution traces for signs of shellcode activity. Emulation-based network intrusion detection systems are regarded as a significant step forward with regards to traditional signature-based systems, as they allow detecting polymorphic (i.e., encrypted) shellcode. In this paper we investigate and test the actual effectiveness of emulation-based detection and show that it can be circumvented by employing a wide range of evasion techniques, exploiting weaknesses present at all three levels of the detection process. We draw the conclusion that current emulation-based systems have limitations that allow attackers to craft generic shellcode encoders able to circumvent their detection mechanisms.
