Counteracting Data-Only Malware with Code Pointer Examination

8 years 11 days ago

Download www.sec.in.tum.de

As new code-based defense technologies emerge, attackers move to data-only malware, which is capable of infecting a system without introducing any new code. To manipulate the control ow without code, data-only malware inserts a control data structure into the system, for example in the form of a ROP chain, which enables it to combine existing instructions into a new malicious program. Current systems try to hinder data-only malware by detecting the point in time when the malware starts executing. However, it has been shown that these approaches are not only performance consuming, but can also be subverted. In this work, we introduce a new approach, Code Pointer Examination (CPE), which aims to detect data-only malware by identifying and classifying code pointers. Instead of targeting control ow changes, our approach targets the control structure of data-only malware, which mainly consists of pointers to the instruction sequences that the malware reuses. Since the control structure is...

Thomas Kittel, Sebastian Vogl, Julian Kirsch, Clau

Real-time Traffic

Computer Networks | RAID 2015 |

claim paper

Post Info
More Details (n/a)

Added	17 Apr 2016
Updated	17 Apr 2016
Type	Journal
Year	2015
Where	RAID
Authors	Thomas Kittel, Sebastian Vogl, Julian Kirsch, Claudia Eckert

Comments (0)

Sciweavers

Counteracting Data-Only Malware with Code Pointer Examination

Computer Networks | RAID 2015 |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers