Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
OSDI
2008
ACM
2008
ACM
Digging for Data Structures
Because writing computer programs is hard, computer programmers are taught to use encapsulation and modularity to hide complexity and reduce the potential for errors. Their programs will have a high-level, hierarchical structure that reflects their choice of internal abstractions. We designed and forged a system, Laika, that detects this structure in memory using Bayesian unsupervised learning. Because almost all programs use data structures, their memory images consist of many copies of a relatively small number of templates. Given a memory image, Laika can find both the data structures and their instantiations. We then used Laika to detect three common polymorphic botnets by comparing their data structures. Because it avoids their code polymorphism entirely, Laika is extremely accurate. Finally, we argue that writing a data structure polymorphic virus is likely to be considerably harder than writing a code polymorphic virus.
Real-time TrafficBayesian Unsupervised Learning | Common Polymorphic Botnets | Data Structures | Operating System | OSDI 2008 |
Related Content
| Added | 03 Dec 2009 |
| Updated | 03 Dec 2009 |
| Type | Conference |
| Year | 2008 |
| Where | OSDI |
| Authors | Anthony Cozzie, Frank Stratton, Hui Xue, Samuel T. King |
Comments (0)
Researcher Info
|
