Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2007
IEEE
2007
IEEE
Spector: Automatically Analyzing Shell Code
Detecting the presence of buffer overflow attacks in network messages has been a major focus. Only knowing whether a message contains an attack, however, is not always enough to mitigate the threat. It may also be critical to know what it does. Unfortunately, shell code is written in low-level assembly language, and can be obfuscated. The current method of analyzing shell code, manual reverse engineering, is time-consuming, requires significant expertise, and would be nearly impossible for a wide-scale polymorphic attack. In this paper, we introduce Spector, a symbolic execution engine that extracts meaningful high-level actions from shell code. Spector’s high-level output helps facilitate attack mitigation and classification of different payloads that have the same behavior. To evaluate Spector, we tested it with over 23,000 unique payloads. It identified eleven different classes of shell code, and processed all the payloads in just over three hours. Spector also successfully class...
Real-time TrafficACSAC 2007 | Buffer Overflow Attacks | Security Privacy | Shell Code | Wide-scale Polymorphic Attack |
| Added | 02 Jun 2010 |
| Updated | 02 Jun 2010 |
| Type | Conference |
| Year | 2007 |
| Where | ACSAC |
| Authors | Kevin Borders, Atul Prakash, Mark Zielinski |
Comments (0)
Researcher Info
|
