
Polymorphic Shellcode Detection System Based on Dynamic Emulation (基于动态模拟的多态Shellcode检测系统)

Cited by: 2
Abstract: By analysing the behavioural characteristics of polymorphic Shellcode, a detection criterion based on dynamic emulation is proposed. With this criterion at its core, and addressing the poor performance and limited applicability of existing methods, a dynamic-emulation-based polymorphic Shellcode detection system is designed and implemented, with each module applying several optimisation techniques to improve system performance. Experiments on the prototype system with 3.3 GB of real network data and 11 000 polymorphic Shellcode samples give a false positive rate and a false negative rate of 0, and show improved system throughput.

Source: Computer Engineering (《计算机工程》), CAS, CSCD, Peking University Core Journals (北大核心), 2008, No. 13, pp. 7-9 (3 pages)

Funding: National "973" Program project (2003CB314805)

Keywords: polymorphic Shellcode; dynamic emulation; intrusion detection