English shellcode

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2009, Pages 524-533

  Mason, Joshua ^a   Small, Sam ^a   Monrose, Fabian ^b   MacManus, Greg ^c  

^a JOHNS HOPKINS UNIVERSITY   (United States)

^b UNIVERSITY OF NORTH CAROLINA   (United States)

^c iSIGHT Partners   (United States)

Author keywords

Natural language; Network emulation; Shellcode

Indexed keywords

BUFFER OVERFLOW ATTACKS; CODE INJECTION ATTACKS; COMMODITY HARDWARE; DIVIDE-AND-CONQUER APPROACH; ENCODING TECHNIQUES; ESSENTIAL COMPONENT; MALWARES; NATURAL LANGUAGES; PREVENTIVE MEASURES; PRIMARY OBJECTIVE; SECURITY COMMUNITY; SHELLCODE;

COMPUTER CRIME; LINGUISTICS;

NETWORK SECURITY;

EID: 74049102282     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1653662.1653725     Document Type: Conference Paper

References (27)

1. P. Akritidis, E. P. Markatos, M. Polychronakis, and K. Anagnostakis. STRIDE: Polymorphic Sled Detection through Instruction Sequence Analysis. In Proceedings of the International Information Security Conference, 2005.
2. K. Borders, A. Prakash, and M. Zielinski. Spector: Automatically Analyzing Shell Code. Proceedings of the Annual Computer Security Applications Conference, pages 501-514, 2007.
3. E. Buchanan, R. Roemer, H. Shacham, and S. Savage. When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC. In Proceedings of ACM Conference on Computer and Communications Security, Oct. 2008.
4. C. Cowan, C. Pu, D. Maier, H. Hinton, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stackguard: Automatic Adaptive Detection and Prevention of Buffer-overflow Attacks. In Proceedings of the USENIX Security Symposium, pages 63-78, 1998.
5. T. Detristan, T. Ulenspiegel, Y. Malcom, and M. S. V. Underduk. Polymorphic Shellcode Engine Using Spectrum Analysis. Phrack, 11(61), August 2003.
6. T. Durden. Bypassing PaX ASLR Protection. Phrack, 11(59), July 2002.
7. K2. ADMmutate. See http://www.ktwo.ca/c/ADMmutate-0.8.4.tar.gz.
8. I. Kim, K. Kang, Y. Choi, D. Kim, J. Oh, and K. Han. A Practical Approach for Detecting Executable Codes in Network Traffic. In Asia-Pacific Network Operations and Management Symposium, 2007.
9. O. Kolesnikov, D. Dagon, and W. Lee. Advanced Polymorphic Worms: Evading IDS by Blending in with Normal Traffic. Technical Report GIT-CC-05-09, Georgia Institute of Technology, 2005.
10. G. MacManus and M. Sutton. Punk Ode: Hiding Shellcode in Plain Sight. In Black Hat USA, 2006.
11. Obscou. Building IA32 Unicode-Proof Shellcodes. Phrack, 11(61), August 2003.
12. A. One. Smashing The Stack For Fun And Profit. Phrack, 7(49), November 1996.
13. A. Pasupulati, J. Coit, K. Levitt, S. F. Wu, S. H. Li, R. C. Kuo, and K. P. Fan. Buttercup: on Network-based Detection of Polymorphic Buffer Overflow Vulnerabilities. In IEEE/IFIP Network Operation and Management Symposium, pages 235-248, May 2004.
14. U. Payer, P. Teufl, and M. Lamberger. Hybrid Engine for Polymorphic Shellcode Detection. In Proceedings of Detection of Intrusions and Malware & Vulnerability Assessment, pages 19-31, 2005.
15. M. Polychronakis, K. G. Anagnostakis, and E. P. Markatos. Network-level Polymorphic Shellcode Detection using Emulation. In Proceedings of Detection of Intrusions and Malware & Vulnerability Assessment, pages 54-73, 2006.
16. M. Polychronakis, K. G. Anagnostakis, and E. P. Markatos. Emulation-based Detection of Non-self-contained Polymorphic Shellcode. In Proceedings of the International Symposium on Recent Advances in Intrusion Detection, 2007.
17. M. Polychronakis, K. G. Anagnostakis, and E. P. Markatos. An Empirical Study of Real-world Polymorphic Code Injection Attacks. In USENIX Workshop on Large-Scale Exploits and Emergent Threats, 2009.
18. Rix. Writing IA32 Alphanumeric Shellcode. Phrack, 11(57), August 2001.
19. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In Proceedings of ACM Conference on Computer and Communications Security, pages 298-307, Oct. 2004.
20. Y. Song, M. E. Locasto, A. Stavrou, A. D. Keromytis, and S. J. Stolfo. On the Infeasibility of Modeling Polymorphic Shellcode. In Proceedings of ACM Conference on Computer and Communications Security, pages 541-551, 2007.
21. A. Sotirov and M. Dowd. Bypassing Browser Memory Protections. In Black Hat USA, 2008.
22. A. N. Sovarel, D. Evans, and N. Paul. Where's the FEEB? On the Effectiveness of Instruction Set Randomization. In Proceedings of the USENIX Security Symposium, 2005.
23. T. Toth and C. Kruegel. Accurate Buffer Overflow Detection via Abstract Payload Execution. In Proceedings of the International Symposium on Recent Advances in Intrusion Detection, pages 274-291, 2002.
24. A. J. Viterbi. Error Bounds for Convolutional Codes and an Asymptotically Optimum Decoding Algorithm. IEEE Transactions on Information Theory, 13(2):260-269, April 1967.
25. T. Wana. Writing UTF-8 compatible shellcodes. Phrack, 11(62), July 2004.
26. X. Wang, Y.-C. Jhi, S. Zhu, and P. Liu. STILL: Exploit Code Detection via Static Taint and Initialization Analyses. Proceedings of the Annual Computer Security Applications Conference, pages 289-298, December 2008.
27. Q. Zhang, D. S. Reeves, P. Ning, and S. P. Iyer. Analyzing Network Traffic to Detect Self-decrypting Exploit Code. In Proceedings of the ACM Symposium on Information, Computer and Communications Security, 2007.