Detection of Intrusions and Malware & Vulnerability Assessment, 2006, p.54-73
2006
Volltextzugriff (PDF)
Details
- Autor(en) / Beteiligte
- Titel
- Network–Level Polymorphic Shellcode Detection Using Emulation
- Ist Teil von
- Detection of Intrusions and Malware & Vulnerability Assessment, 2006, p.54-73
- Ort / Verlag
- Berlin, Heidelberg: Springer Berlin Heidelberg
- Erscheinungsjahr
- 2006
- Quelle
- Alma/SFX Local Collection
- Beschreibungen/Notizen
- As state–of–the–art attack detection technology becomes more prevalent, attackers are likely to evolve, employing techniques such as polymorphism and metamorphism to evade detection. Although recent results have been promising, most existing proposals can be defeated using only minor enhancements to the attack vector. We present a heuristic detection method that scans network traffic streams for the presence of polymorphic shellcode. Our approach relies on a NIDS–embedded CPU emulator that executes every potential instruction sequence, aiming to identify the execution behavior of polymorphic shellcodes. Our analysis demonstrates that the proposed approach is more robust to obfuscation techniques like self-modifications compared to previous proposals, but also highlights advanced evasion techniques that need to be more closely examined towards a satisfactory solution to the polymorphic shellcode detection problem.
- Sprache
- Englisch
- Identifikatoren
- ISBN: 9783540360148, 354036014XISSN: 0302-9743eISSN: 1611-3349DOI: 10.1007/11790754_4Titel-ID: cdi_pascalfrancis_primary_19183719
- Format
- –
- Schlagworte
- Applied sciences, Computer science, control theory, systems, Computer systems and distributed systems. User interface, Control Flow Graph, Exact sciences and technology, Input Buffer, Memory and file management (including protection and security), Memory Location, Memory organisation. Data processing, Network Intrusion Detection System, Software, USENIX Security Symposium