Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
INFOCOM
2010
IEEE
2010
IEEE
Malicious Shellcode Detection with Virtual Memory Snapshots
Abstract—Malicious shellcodes are segments of binary code disguised as normal input data. Such shellcodes can be injected into a target process’s virtual memory. They overwrite the process’s return addresses and hijack control flow. Detecting and filtering out such shellcodes is vital to prevent damage. In this paper, we propose a new malicious shellcode detection methodology in which we take snapshots of the process’s virtual memory before input data are consumed, and feed the snapshots to a malicious shellcode detector. These snapshots are used to instantiate a runtime environment that emulates the target process’s input data consumption to monitor shellcodes’ behaviors. The snapshots can also be used to examine the system calls that shellcodes invoke, these system call parameters, and the process’s execution flow. We implement a prototype system in Debian Linux with kernel version 2.6.26. Our extensive experiments with real traces and thousands of malicious shellcod...
Real-time TrafficRelated Content
| Added | 28 Jan 2011 |
| Updated | 28 Jan 2011 |
| Type | Journal |
| Year | 2010 |
| Where | INFOCOM |
| Authors | Boxuan Gu, Xiaole Bai, Zhimin Yang, Adam C. Champion, Dong Xuan |
Comments (0)
Researcher Info
|
