Dynamic emulation based modeling and detection of polymorphic shellcode at the network level

Authors: LanJia Wang, HaiXin Duan, Xing Li

DOI: 10.1007/S11432-008-0150-X

Abstract: Emulation is a promising way to detect polymorphic shellcode. However, previous emulation-based approaches are limited in their performance and in their resilience against evasions. A new, enhanced detection approach is proposed, including an automaton-based model of the dynamic behavior of polymorphic shellcode, a detection algorithm, and a criterion derived from that model which ensures high accuracy. The algorithm also contains several optimization techniques that greatly improve running performance and resilience against evasive shellcode. We have implemented a prototype system for our approach. Its advantages are validated by experiments with real network data, with samples generated by available polymorphic engines, and with hand-crafted samples.
