Automatic Hooking for Forensic Analysis of Document-based Code Injection Attacks: Techniques and Empirical Analyses

Authors: Fabian Monrose, Kevin Z. Snow

DOI:

Keywords:

Abstract: Document-based code injection attacks, wherein malicious code (coined shellcode) is embedded in a document, have quickly replaced network-service based exploits as the preferred method of attack. In this paper, we present a new technique to aid the forensic and diagnostic analysis of documents detected using dynamic techniques — namely, automated API call hooking in shellcode simulation. Our approach provides an API trace of the shellcode within a few milliseconds. We also present the results of a large empirical analysis of malicious PDFs collected in the wild over the last few years. To our surprise, we found that 90% of them make no use of machine-code level polymorphism, in stark contrast to prior studies on samples from network-based attacks. We also observed a heavy-tailed distribution of API call sequences used by contemporary shellcode.
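To make the idea of an API trace concrete, the following is an added toy simulator, not code from the paper or its authors. Windows shellcode typically locates the APIs it needs by hashing export names rather than embedding strings; the simulator models that resolution step as a lookup against a table of hooked API names keyed by a ROR13-style name hash (an assumption about the hash variant; real payloads differ in details such as case handling and module-name mixing), records every resolved call into a trace, stops when an exit-style API is reached or a call budget is exhausted, and flattens the trace into a sequence key of the kind one would count across a corpus. The "shellcode" here is a constructed list of hashes standing in for the resolve-and-call steps of a download-and-execute payload; the function and type names are this example's own.

```c
/* Added example (not from the paper): a toy API-hooking shellcode simulator.
 * The simulated shellcode is a constructed sequence of export-name hashes in
 * the order it would resolve and call them; every resolution goes through a
 * hook that records the API name, producing the trace. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TRACE 32   /* call budget: bounds simulation cost per sample */

/* ROR13 hash over the ASCII export name. Assumption: this simple variant;
 * many public payloads use a close relative of it. */
static uint32_t ror13_hash(const char *name) {
    uint32_t h = 0;
    for (; *name; name++) {
        h = (h >> 13) | (h << 19);
        h += (uint8_t)*name;
    }
    return h;
}

/* Hook table: the APIs the simulator knows how to intercept. */
static const char *const HOOKED_APIS[] = {
    "LoadLibraryA", "GetProcAddress", "URLDownloadToFileA",
    "WinExec", "CreateProcessA", "ExitProcess", "ExitThread",
};
#define N_HOOKED (sizeof HOOKED_APIS / sizeof HOOKED_APIS[0])

typedef struct {
    const char *calls[MAX_TRACE];
    size_t len;
    int terminated;   /* 1 if the shellcode ended via an exit-style API */
    int unknown;      /* hashes that matched nothing in the hook table */
} api_trace;

/* Hook: invoked for every API resolution the simulated shellcode performs.
 * Unknown hashes are still recorded so the trace stays complete. */
static const char *hook_resolve(uint32_t hash, api_trace *t) {
    for (size_t i = 0; i < N_HOOKED; i++)
        if (ror13_hash(HOOKED_APIS[i]) == hash)
            return HOOKED_APIS[i];
    t->unknown++;
    return "UNKNOWN";
}

/* Run the simulated shellcode: record each call, stop on process/thread exit
 * or when the call budget is exhausted. */
static void simulate(const uint32_t *code, size_t n, api_trace *t) {
    memset(t, 0, sizeof *t);
    for (size_t i = 0; i < n && t->len < MAX_TRACE; i++) {
        const char *api = hook_resolve(code[i], t);
        t->calls[t->len++] = api;
        if (strcmp(api, "ExitProcess") == 0 || strcmp(api, "ExitThread") == 0) {
            t->terminated = 1;
            break;
        }
    }
}

/* Flatten the trace into a "A>B>C" key, the unit one would count when
 * measuring how API call sequences are distributed across many samples. */
static void trace_key(const api_trace *t, char *out, size_t outsz) {
    out[0] = '\0';
    for (size_t i = 0; i < t->len; i++) {
        if (i) strncat(out, ">", outsz - strlen(out) - 1);
        strncat(out, t->calls[i], outsz - strlen(out) - 1);
    }
}

/* Constructed sample: load urlmon, download a file, call an API the hook
 * table does not know, execute the file, exit. GetProcAddress after the exit
 * must never appear in the trace. Returns the number of entries written. */
static size_t build_sample(uint32_t *buf) {
    size_t n = 0;
    buf[n++] = ror13_hash("LoadLibraryA");
    buf[n++] = ror13_hash("URLDownloadToFileA");
    buf[n++] = 0xDEADBEEFu;                 /* not in the hook table */
    buf[n++] = ror13_hash("WinExec");
    buf[n++] = ror13_hash("ExitProcess");
    buf[n++] = ror13_hash("GetProcAddress"); /* unreachable */
    return n;
}

static void run_sample(api_trace *t) {
    uint32_t code[8];
    size_t n = build_sample(code);
    simulate(code, n, t);
}

int main(void) {
    api_trace t;
    char key[256];
    run_sample(&t);
    trace_key(&t, key, sizeof key);
    printf("trace (%zu calls, terminated=%d, unknown=%d): %s\n",
           t.len, t.terminated, t.unknown, key);
    return 0;
}
```

The hook is the only place the simulated code touches the "outside world", which is what makes a trace cheap to produce: nothing is executed natively, and a hash that resolves to nothing is recorded rather than crashing the run, so a forensic analyst still sees the surrounding call sequence.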
