Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2005
ACM
2005
ACM
On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits
Vulnerabilities that allow worms to hijack the control flow of each host that they spread to are typically discovered months before the worm outbreak, but are also typically discovered by third party researchers. A determined attacker could discover vulnerabilities as easily and create zero-day worms for vulnerabilities unknown to network defenses. It is important for an analysis tool to be able to generalize from a new exploit observed and derive protection for the vulnerability. Many researchers have observed that certain predicates of the exploit vector must be present for the exploit to work and that therefore these predicates place a limit on the amount of polymorphism and metamorphism available to the attacker. We formalize this idea and subject it to quantitative analysis with a symbolic execution tool called DACODA. Using DACODA we provide an empirical analysis of 14 exploits (seven of them actual worms or attacks from the Internet, caught by Minos with no prior knowledge of ...
Real-time Traffic| Added | 26 Jun 2010 |
| Updated | 26 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | CCS |
| Authors | Jedidiah R. Crandall, Zhendong Su, Shyhtsun Felix Wu, Frederic T. Chong |
Comments (0)
Researcher Info
|
