Survey on malware evasion techniques: State of the art and challenges

Authors: Mangal Sain, Hoon-Jae Lee, Jonathan A.P. Marpaung

DOI:

Keywords: Computer security; Address space layout randomization; Intrusion detection system; Return-oriented programming; Sandbox (computer security); Malware; Denial-of-service attack; Computer science; Obfuscation (software); Evasion (network security)

Abstract: Nowadays, targeted malware attacks against organizations are becoming increasingly sophisticated, damaging, and difficult to detect. Current intrusion detection technologies are incapable of addressing many of the newer evasion techniques, such as return-oriented programming and remote library injection. This paper presents a survey of the various techniques employed by malware to evade detection by security systems and anti-virus software. The techniques we cover include obfuscation, fragmentation and session splicing, application-specific violations, protocol violations, inserting traffic at the IDS, denial of service, and code reuse attacks. We also discuss mitigations, including sandboxing, reassembly, data execution prevention, address space layout randomization, control flow integrity, and the Windows 8 ROP mitigation. We compare the techniques with an analysis of the sophistication of the attack, the challenges or difficulty of detecting it, and its degree of impact.

References (5)
Úlfar Erlingsson, Jay Ligatti, Martín Abadi, Mihai Budiu. "Control-Flow Integrity: Principles, Implementations, and Applications." ACM Conference on Computer and Communications Security (CCS), 2005.
Ryan Roemer, Erik Buchanan, Hovav Shacham, Stefan Savage. "Return-Oriented Programming." ACM Transactions on Information and System Security, vol. 15, pp. 1-34, 2012. doi:10.1145/2133375.2133377
Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, Dan Boneh. "On the effectiveness of address-space randomization." ACM Conference on Computer and Communications Security (CCS), pp. 298-307, 2004. doi:10.1145/1030083.1030124
Karen Scarfone, Peter Mell. "Guide to Intrusion Detection and Prevention Systems (IDPS)." NIST Special Publication (NIST SP) 800-94, 2007. doi:10.6028/NIST.SP.800-94