Function Call Mechanism Based Executable Code Detection for the Network Security

The general method in which attackers obtain the control authority of the remote host is through the exploit code. Motivated by the viewpoint that the exploit code normally contains some executable codes, we propose a method of detecting the executable codes included in packets for the network secur...

Bibliographic details
Main authors: Daewon Kim, Yangseo Choi, Ikkyun Kim, Jintae Oh, Jongsoo Jang
Format: Conference proceeding
Language: eng
container_end_page 67
container_issue
container_start_page 62
container_title
container_volume
creator Daewon Kim
Yangseo Choi
Ikkyun Kim
Jintae Oh
Jongsoo Jang
description The general method in which attackers obtain the control authority of the remote host is through the exploit code. Motivated by the viewpoint that the exploit code normally contains some executable codes, we propose a method of detecting the executable codes included in packets for the network security. Because some parts in the executable codes essentially include the function call related instruction patterns, we propose an approach detecting the instruction patterns following the function call mechanism. We have implemented a prototype and evaluated it against a variety of the executable and non-executable codes. The results show that the proposed method properly classifies the executable and non-executable codes.
doi_str_mv 10.1109/SAINT.2008.13
format Conference Proceeding
identifier ISBN: 9780769532974
identifier LCCN: 2008927092
publisher IEEE
date 2008-07
tpages 6
ieee_id 4604544
linktohtml https://ieeexplore.ieee.org/document/4604544
fulltext fulltext_linktorsrc
identifier ISBN: 0769532977
ispartof 2008 International Symposium on Applications and the Internet, 2008, p.62-67
issn
language eng
recordid cdi_ieee_primary_4604544
source IEEE Electronic Library (IEL) Conference Proceedings
subjects exploit
network
Pattern matching
Payloads
Probability
Radiation detectors
Registers
Security
shellcode
Size measurement
title Function Call Mechanism Based Executable Code Detection for the Network Security
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T11%3A43%3A31IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Function%20Call%20Mechanism%20Based%20Executable%20Code%20Detection%20for%20the%20Network%20Security&rft.btitle=2008%20International%20Symposium%20on%20Applications%20and%20the%20Internet&rft.au=Daewon%20Kim&rft.date=2008-07&rft.spage=62&rft.epage=67&rft.pages=62-67&rft.isbn=0769532977&rft.isbn_list=9780769532974&rft_id=info:doi/10.1109/SAINT.2008.13&rft_dat=%3Cieee_6IE%3E4604544%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=4604544&rfr_iscdi=true