Detection of Heap-Spraying Attacks Using String Trace Graph

Authors: Jaehyeok Song, Jonghyuk Song, Jong Kim

DOI: 10.1007/978-3-319-15087-1_2

Abstract: Heap-spraying is an attack technique that exploits memory corruptions in web browsers. A realtime detection of heap-spraying is difficult because of the dynamic nature of JavaScript and monitoring overheads. In this paper, we propose a runtime detector for heap-spraying attacks. We build a string trace graph by tracing all objects and operations in JavaScript. The used for detecting abnormal behaviors detect with low false positive rate
