
A Dynamic Shellcode Detection and Analysis Technique (一种shellcode动态检测与分析技术)   Cited by: 3

A Dynamic Method for Detecting and Analyzing Shellcode
Abstract: This paper proposes a method for recognizing the execution model of shellcode and analyzing its function, built on the dynamic binary instrumentation platform DynamoRIO, and implements a prototype system based on this method. First, shellcode exploitation techniques are summarized and the dynamic execution characteristics of shellcode are analyzed; using automata theory, each execution stage of shellcode is described formally, and the automaton model and the corresponding detection and analysis algorithm for each stage are given, from which a general execution pattern of shellcode is derived. Second, an analysis method for shellcode API call sequences is proposed, which determines the function of the shellcode from the type and parameters of the APIs it calls. Experimental results show that the method can effectively detect shellcode, identify its execution pattern, and determine the function it performs. The detection method has significant application value for efficient shellcode detection, rapid determination of network attack intent, and improved capability to respond to network attack incidents.
Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), CSCD-indexed, Peking University core journal, 2013, No. 7, pp. 1644-1649 (6 pages)
Keywords: shellcode; DynamoRIO; dynamic detection; automaton model; dynamic binary platform
