Source Information
Abstract
English
Nowadays, code injection is one of the most dangerous cyber attacks. Shellcode is malicious code used in this type of attack. Processor emulation at the network level is one of the best methods proposed against code injection attacks. Multiple run-time heuristics have been discussed in previous research. However, none of them can detect shellcodes in which hard-coded addresses are used. This type of shellcode cannot be used against ASLR-enabled Windows. Nevertheless, older versions of Windows still have too many users. In addition, public shellcode repositories contain several shellcodes with hard-coded addresses, which can easily be used by unskilled attackers. In this paper, we propose a robust run-time heuristic for detecting this type of shellcode. Our objective is to augment the collection of existing run-time heuristics. The experimental results show that our new heuristic can effectively detect every shellcode in which hard-coded addresses are used.
Table of Contents
1. Introduction
2. Related Work
3. Shellcode Behavior Modeling
3.1. Dynamic Taint Algorithm
3.2. Detection Heuristic
3.3. WinExec Shellcode
4. Implementation
5. Experimental Result
5.1. Detection Effectiveness
5.2. Heuristic Robustness
6. Discussion
7. Conclusion
References