On the Infeasibility of Modeling Polymorphic Shellcode∗

Yingbo Song, Dept. of Computer Science, Columbia University, yingbo@cs.columbia.edu
Michael E. Locasto, Dept. of Computer Science, Columbia University, locasto@cs.columbia.edu
Angelos Stavrou, Dept. of Computer Science, Columbia University, angel@cs.columbia.edu
Angelos D. Keromytis, Dept. of Computer Science, Columbia University, angelos@cs.columbia.edu
Salvatore J. Stolfo, Dept. of Computer Science, Columbia University, sal@cs.columbia.edu

ABSTRACT

Polymorphic malcode remains a troubling threat. The ability for malcode to automatically transform into semantically equivalent variants frustrates attempts to rapidly construct a single, simple, easily verifiable representation. We present a quantitative analysis of the strengths and limitations of shellcode polymorphism and consider its impact on current intrusion detection practice.

We focus on the nature of shellcode decoding routines. The empirical evidence we gather helps show that modeling the class of self-modifying code is likely intractable by known methods, including both statistical constructs and string signatures. In addition, we develop and present measures that provide insight into the capabilities, strengths, and weaknesses of polymorphic engines. In order to explore countermeasures to future polymorphic threats, we show how to improve polymorphic techniques and create a proof-of-concept engine expressing these improvements.

Our results indicate that the class of polymorphic behavior is

Keywords

polymorphism, shellcode, signature generation, statistical models

1. INTRODUCTION

Code injection attacks have traditionally received a great deal of attention from both security researchers and the blackhat community [1, 14], and researchers have proposed a variety of defenses, from artificial diversity of the address space [5] or instruction set [20, 4] to compiler-added integrity checking of the stack [10, 15] or heap variables [34] and “safer” versions of library functions [3]. Other systems explore the use of tainted dataflow analysis to prevent the use of untrusted network or file input [9, 29] as part of the instruction stream. Finally, a large number of schemes propose capturing a representation of the exploit to create a signature for use in detecting and filtering future v