SHELLOS: enabling fast detection and forensic analysis of code injection attacks

Authors: Fabian Monrose, Srinivas Krishnan, Kevin Z. Snow, Niels Provos

DOI:

Keywords:

Abstract: The availability of off-the-shelf exploitation toolkits for compromising hosts, coupled with the rapid rate of exploit discovery and disclosure, has made exploit- or vulnerability-based detection far less effective than it once was. For instance, the increasing use of metamorphic and polymorphic techniques to deploy code injection attacks continues to confound signature-based techniques. The key to detecting these attacks lies in the ability to discover the presence of the injected code (or, shellcode). One promising technique for doing so is to examine data (be that from network streams or the buffers of a process) and efficiently execute its content to find what lurks within. Unfortunately, current approaches for achieving this goal are not robust to evasion or scalable, primarily because of their reliance on software-based CPU emulators. In this paper, we argue that emulation is not necessary, and instead propose a new framework that leverages hardware virtualization to better enable the detection of such attacks. We also report on our experience using it to analyze a corpus of malicious Portable Document Format (PDF) files and network-based
