Reuse-oriented camouflaging trojan: Vulnerability detection and attack construction

Proceedings of the International Conference on Dependable Systems and Networks

Volumn , Issue , 2010, Pages 281-290

  Lin, Zhiqiang ^a   Zhang, Xiangyu ^a   Xu, Dongyan ^a  

^a PURDUE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANOMALOUS BEHAVIOR; BINARY PROGRAMS; COMMUNICATION PROTOCOLS; NETWORK LEVEL; REAL-WORLD; TROJANS; VULNERABILITY DETECTION;

COMMUNICATION; NETWORK PROTOCOLS;

COMPUTER SOFTWARE REUSABILITY;

EID: 77956569612     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/DSN.2010.5544305     Document Type: Conference Paper

References (31)

1. Bitdefender malware and spam survey. http://news.bitdefender.com/NW1094- en-BitDefender-Malware-and-Spam-Survey-finds-E-Threats-Adapting-to-Online- Behavioral-Trends.html.
2. Gnutella protocol spec. http://wiki.limewire.org/index.php?title=GDF.
3. National Software Reference Library. http://www.nsrl.nist.gov/.
4. Most abused infection vector. http://blog.trendtnicro.com/most-abused- infection-vector/.
5. Virus collection (vx heavens). http://vx.netlux.org/vl.php, visited in Nov. 2009.
6. Parasitic malware: The resurgence of an old threat. Network Security, 2008(3): 15 - 18, 2008.
7. M. Abadi, M. Budiu, Úlfar Erlingsson, and J. Ligatti. Control-flow integrity. In ACMCCS'05, 2005.
8. O. Agesen, D. Detlefs, and J. E. Moss. Garbage collection and local variable type-precision and liveness in java virtual machines. SIG-PLAN Not., 33(5):269-279, 1998.
9. H.-J. Boehm. Space efficient conservative garbage collection. In ACM PLDI'93, 1993.
10. E. Buchanan, R. Roemer, H. Shacham, and S. Savage. When good instructions go bad: Generalizing return-oriented programming to RISC. In ACM CCS'08, 2008.
11. J. Caballero, N. M. Johnson, S. McCamant, and D. Song. Binary code extraction and interface identification for security applications. In ISOC NDSS'10, 2010.
12. J. Canto, M. Dacier, E. Kirda, and C. Leita. Large scale malware collection: lessons learned. In IEEE SRDS'08, 2008.
13. J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding data lifetime via whole system simulation. In 13th USENIX Security Symposium, 2004.
14. C. Kolbitsch, T. Holz, C. Kruegel and E. Kirda. Inspector gadget: Automated extraction of proprietary gadgets from malware binaries. In IEEE Symposium on Security and Privacy, 2010.
15. S. Designer. "retum-to-libc" attack. Bugtraq, August 1997.
16. H. H. Feng, O. M. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly detection using call stack information. In IEEE Symposium on Security and Privacy, 2003.
17. O. Greevy and S. Ducasse. Correlating features and code using a compact two-sided trace analysis approach. In European Conference on Software Maintenance and Reengineering, 2005.
18. S. A. Hofmeyr, S. Forrest, and A. Somayaji. Intrusion detection using sequences of system calls. J. Computer Security, 6(3):151-180, 1998.
19. A. D. Keromytis. Randomized instruction sets and runtime environments past research and future directions. IEEE Security and Privacy, 7(1):18-25, 2009.
20. G. H. Kim and E. H. Spafford. The design and implementation of tripwire: a file system integrity checker. In ACM CCS'94, 1994.
21. B. Korel and J. Laski. Dynamic program slicing. Information Processing Letters, 29(3):155-163, 1988.
22. Z. Lin, X. Zhang, and D. Xu. Reuse-Oriented Camouflaging Attack: Vulnerability Detection and Attack Construction. Technical report, CERIAS TR 2009-29, Purdue University, 2009.
23. Nergal. The advanced return-into-lib(c) exploits: Pax case study. Phrack, 10(58), 2001.
24. N. Nethercote and J. Seward. Valgrind: A framework for heavyweight dynamic binary instrumentation. In ACMPLDI'07, 2007.
25. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In ISOC NDSS'05, 2005.
26. K. Pattabiraman, N. Nakka, Z. Kalbarczyk, and R. Iyer. Discovering Application-Level Insider Attacks Using Symbolic Execution. In Proc. of the 24th IFIP SEC, 2009.
27. H. Shacham. The geometry of innocent flesh on the bone: return-into-libc without function calls. In ACM CCS'07, 2007.
28. K. Wang and S. J. Stolfo. Anomalous payload-based network intrusion detection. In Recent Advances in Intrusion Detection, 2004.
29. W. E. Wong, S. S. Gokhale, and J. R. Horgan. Quantifying the closeness between program components and features. J. Syst. Softw., 54(2):87-98, 2000.
30. H. Yin, D. Song, E. Manuel, C. Kruegel, and E. Kirda. Panorama: Capturing system-wide information flow for malware detection and analysis. In ACM CCS'07, 2007.
31. T. Zimmermann and A. Zeller. Visualizing memory graphs. In Revised Lectures on Software Visualization, International Seminar, 2002.