Detection of injected, dynamically generated, and obfuscated malicious code

WORM'03 - Proceedings of the 2003 ACM Workshop on Rapid Malcode

Volumn , Issue , 2003, Pages 76-82

  Rabek, Jesse C ^a   Khazan, Roger I ^a   Lewandowski, Scott M ^a   Cunningham, Robert K ^a  

^a MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Anomaly detection; Code analysis; Dynamic analysis; Execution monitoring; Intrusion detection; Malicious code detection; Static analysis; System calls

Indexed keywords

CODES (SYMBOLS); COMPUTER NETWORKS; COMPUTER OPERATING SYSTEMS; COMPUTER SOFTWARE; COMPUTER VIRUSES; FINITE AUTOMATA; INTEROPERABILITY; MATHEMATICAL MODELS; PROGRAM COMPILERS; SECURITY OF DATA;

ANOMALY DETECTIONS; CODE ANALYSIS; DYNAMIC ANALYSIS; EXECUTION MONITORING; INTRUSION DETECTIONS; MALICIOUS CODE DETECTION; STATIC ANALYSIS; SYSTEM CALLS;

SOFTWARE ENGINEERING;

EID: 18844437024     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/948187.948201     Document Type: Conference Paper

References (15)

1. Pietrek, M. Inside Windows: An In-Depth Look into the Win32 Portable Executable File Format (Part I). In www.msdn.microsoft.com. 2002.
2. Bergeron, J., M. Debbabi, M.M. Erhioui, and B. Ktari. Static Analysis of Binary Code to Isolate Malicious Behaviours. In WET ICE 99. 1999.
3. Wagner, and Dean. Intrusion Detection via Static Analysis. In IEEE Symposium on Research in Security and Privacy. 2001. Oakland, CA.
4. Kaplan, Y. API Spying Techniques for Windows 9x, NT and 2000. http://www.internals.com/articles/apispy/apispy.htm
5. G. Hunt, D.B., Detours: Binary Interception of Win32 Functions. 1999, Microsoft Research.
6. Wagner, D., and P. Soto. Mimicry Attacks on Host Based Intrusion Detection Systems. In 9th ACM Conference on Computer and Communications Security. 2002. Washington, DC, USA.
7. Data Rescue. IDA Pro Disassembler. http://www.datarescue.com/idabase/
8. Frédéric Perriot, P.F., Péter Ször, Striking Similarities, in Virus Bulletin. 2002. p. 4-6.
9. Tünnissen, J. Intrusion Detection, Honeypots & Incident Response resources. http://www.honeypots.net/
10. Feng, H., O. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly Detection Using Call Stack Information. In IEEE Security and Privacy. 2003. Oakland, CA.
11. Sekar, R., A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang, and S. Zhou. Specification-Based Anomaly Detection: A New Approach for Detecting Network Intrusions. 2002. Washington, DC, USA.
12. Giffin, J.T., S. Jha, and B.P. Miller. Detecting Manipulated Remote Call Streams. In 11th USENIX Security Symposium. 2002.
13. Ghosh, A.K., A. Schwartzbard, and M. Schatz. Learning Program Behavious Profiles for Intrusion Detection. In Usenix Workshop on Intrusion Detection and Network Monitoring. 1999. Santa Clara, CA.
14. Warrender, C., S. Forrest, and B. Pearlmutter. Detecting Intrusions Using System Calls: Alternative Data Models. In IEEE Symposium on Security and Privacy. 1999.
15. Axelsson, S. The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. In ACM Conference on Computer and Communications Security. 1999.