Function Call Mechanism Based Executable Code Detection for the Network Security

Function Call Mechanism Based Executable Code Detection for the Network Security

The general method in which attackers obtain the control authority of the remote host is through the exploit code. Motivated by the viewpoint that the exploit code normally contains some executable codes, we propose a method of detecting the executable codes included in packets for the network secur...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Daewon Kim, Yangseo Choi, Ikkyun Kim, Jintae Oh, Jongsoo Jang
Format: Tagungsbericht
Sprache:eng
Schlagworte:
exploit
network
Pattern matching
Payloads
Probability
Radiation detectors
Registers
Security
shellcode
Size measurement
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The general method in which attackers obtain the control authority of the remote host is through the exploit code. Motivated by the viewpoint that the exploit code normally contains some executable codes, we propose a method of detecting the executable codes included in packets for the network security. Because some parts in the executable codes essentially include the function call related instruction patterns, we propose an approach detecting the instruction patterns following the function call mechanism. We have implemented a prototype and evaluated it against a variety of the executable and non-executable codes. The results show that the proposed method properly classifies the executable and non-executable codes.
DOI:10.1109/SAINT.2008.13