Abstract |
---|
Although several research teams have focused on binary code injection, it is still an unsolved problem. Misuse-based detection lacks the flexibility to tackle unseen malicious code samples and anomaly-based detection on byte patterns is highly vulnerable to byte cramming and blending attacks. In addition, it is desperately needed to correlate newly-detected code injection instances with known samples for better understanding the attack events and tactically mitigating future threats. In this paper, we propose a technique for modeling shellcode detection and attribution through a novel feature extraction method, called instruction sequence abstraction, that extracts coarse-grained features from an instruction sequence. Our technique facilitates a Markov-chain-based model for shellcode detection and support vector machines for encoded shellcode attribution. We also describe our experimental results on shellcode samples to demonstrate the effectiveness of our approach. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1109/CNS.2013.6682722 | CNS |
Keywords | Field | DocType |
---|---|---|
shellcode detection, attack events, instruction sequence abstraction, tactically mitigating future threats, unseen malicious code samples, binary code injection, feature extraction, anomaly-based detection, vector machines, markov chain, unsolved problem, code injection instances, binary codes, blending attacks, shellcode attribution, byte cramming, markov processes, byte patterns, security of data | Byte, Abstraction, Computer science, Computer security, Binary code, Support vector machine, Code injection, Feature extraction, Attribution, Shellcode | Conference |
ISSN | Citations | PageRank |
---|---|---|
2474-025X | 3 | 0.49 |
References | Authors |
---|---|
15 | 2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Ziming Zhao | 1 | 322 | 30.52 |
Gail-Joon Ahn | 2 | 3012 | 203.39 |