A fast static analysis approach to detect exploit code inside network flows

Authors: Ramkumar Chinchani, Eric Van Den Berg

DOI:

Keywords:

Abstract: A common way by which attackers gain control of hosts is through remote exploits. A new dimension to the problem is added by worms, which use exploit code to self-propagate and are becoming a commonplace occurrence. Defense mechanisms exist, but the popular ones are signature-based techniques that use known byte patterns, and they can be thwarted using polymorphism, metamorphism and other obfuscations. In this paper, we argue that exploit code is characterized by more than just a byte pattern because, in addition, there is a definite data flow. We propose a fast static analysis based approach that is essentially a litmus test and operates by making a distinction between data, programs and program-like code. We have implemented a prototype called styx and evaluated it against real data collected at our organizational network. Results show that it is able to detect a variety of exploit code and can also generate very specific signatures. Moreover, it shows initial promise against polymorphism and metamorphism.
