SBE '—' A Precise Shellcode Detection Engine Based on Emulation and Support Vector Machine
作者: Yonggan Hou , J. W. Zhuge , Dan Xin , Wenya Feng
DOI: 10.1007/978-3-319-06320-1_13
关键词:
摘要: An important method of detecting zero-day attacks is to identify the shellcode which usually taken as part attacks. However, detection range always restricted, for existent emulation based techniques only take several features that are observed when emulated. In this paper, we propose a new algorithm on and Support Vector Machine(SVM). One most prominent advantages by means emulating, can get real executed path includes key e.g. loop, xor, GetPC etc. Moreover, recording aforementioned training them with SVM, rely general detect rather than specific features. addition, build complete data set so other researchers focus algorithms. We have implemented prototype system named SBE Ubuntu/Amd-64 tested our various kinds shellcode. Experiment shows proposed has better rate Libemu could effectively all x86 very few false positives.
springer.com
sci-hub.st 参考文章(20)
Hsiang-an Feng, Generic shellcode detection ,(2008)
Thomas Toth, Christopher Kruegel, Accurate buffer overflow detection via abstract payload execution recent advances in intrusion detection. pp. 274- 291 ,(2002) , 10.1007/3-540-36084-0_15
Ryoichi Sasaki, Eiji Okamoto, Hiroshi Yoshiura, Sihan Qing, Security and Privacy in the Age of Ubiquitous Computing ,(2008)
P. Akritidis, E. P. Markatos, M. Polychronakis, K. Anagnostakis, STRIDE: Polymorphic Sled Detection Through Instruction Sequence Analysis information security conference. pp. 375- 391 ,(2005) , 10.1007/0-387-25660-1_25
Péter András, The Equivalence of Support Vector Machine and Regularization Neural Networks Neural Processing Letters. ,vol. 15, pp. 97- 104 ,(2002) , 10.1023/A:1015292818897
Thorsten Joachims, Making large scale SVM learning practical Technical reports. ,(1999) , 10.17877/DE290R-14262
Michalis Polychronakis, Kostas G. Anagnostakis, Evangelos P. Markatos, Emulation-based detection of non-self-contained polymorphic shellcode recent advances in intrusion detection. pp. 87- 106 ,(2007) , 10.1007/978-3-540-74320-0_5
Peter Szor, The Art of Computer Virus Research and Defense ,(2005)
Archana Pasupulati, Jason Coit, Karl Levitt, Shyhtsun Felix Wu, SH Li, JC Kuo, Kuo-Pao Fan, Buttercup: on network-based detection of polymorphic buffer overflow vulnerabilities network operations and management symposium. ,vol. 1, pp. 235- 248 ,(2004) , 10.1109/NOMS.2004.1317662
Martin Roesch, Snort - Lightweight Intrusion Detection for Networks usenix large installation systems administration conference. pp. 229- 238 ,(1999)