Automating mimicry attacks using static binary analysis

14th USENIX Security Symposium

Volumn , Issue , 2005, Pages 161-176

  Kruegel, Christopher ^a   Kirda, Engin ^a   Mutz, Darren ^b   Robertson, William ^b   Vigna, Giovanni ^b  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Binary analysis; Evasion; Intrusion detection; Static analysis; Symbolic execution

Indexed keywords

COMPUTER CRIME; MODEL CHECKING; MONITORING; STATIC ANALYSIS;

APPLICATION BEHAVIORS; BINARY ANALYSIS; DETECTION FEATURES; EVASION; INTRUSION DETECTION SYSTEMS; STATE-OF-THE-ART SYSTEM; STATIC BINARY ANALYSIS; SYMBOLIC EXECUTION;

INTRUSION DETECTION;

EID: 85077528077     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (20)

1. R. Bagnara, E. Ricci, E. Zaffanella, and P. M. Hill. Possibly not closed convex polyhedra and the Parma Polyhedra Library. In 9th International Symposium on Static Analysis, 2002.
2. P. Cousot and R. Cousot. Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fix-points. In 4th ACM Symposium on Principles of Programming Languages (POPL), 1977.
3. H. Feng, J. Giffin, Y. Huang, S. Jha, W. Lee, and B. Miller. Formalizing sensitivity in static analysis for intrusion detection. In IEEE Symposium on Security and Privacy, 2004.
4. H. Feng, O. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly detection using call stack information. In IEEE Symposium on Security and Privacy, 2003.
5. S. Forrest. A Sense of Self for UNIX Processes. In IEEE Symposium on Security and Privacy, 1996.
6. D. Gao, M. Reiter, and D. Song. Gray-Box Extraction of Execution Graphs for Anomaly Detection. In 11th ACM Conference on Computer and Communication Security (CCS), 2004.
7. D. Gao, M. Reiter, and D. Song. On Gray-Box Program Tracking for Anomaly Detection. In 13th Usenix Security Symposium, 2004.
8. J. Giffin, S. Jha, and B. Miller. Detecting Manipulated Remote Call Streams. In 11th Usenix Security Symposium, 2002.
9. J. Giffin, S. Jha, and B.P. Miller. Efficient context-sensitive intrusion detection. In 11th Network and Distributed System Security Symposium (NDSS), 2004.
10. J. King. Symbolic Execution and Program Testing. Communications of the ACM, 19(7), 1976.
11. L. Lam and T. Chiueh. Automatic Extraction of Accurate Application-Specific Sandboxing Policy. In Symposium on Recent Advances in Intrusion Detection (RAID), 2004.
12. T. Lengauer and R. Tarjan. A Fast Algorithm for Finding Dominators in a Flowgraph. ACM Transactions on Programming Languages and Systems, 1(1), 1979.
13. F. Nielson, H. Nielson, and C. Hankin. Principles of Program Analysis. Springer Verlag, 1999.
14. R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni. A fast automaton-based method for detecting anomalous program behaviors. In IEEE Symposium on Security and Privacy, 2001.
15. K. Tan, K. Killourhy, and R. Maxion. Undermining an Anomaly-Based Intrusion Detection System Using Common Exploits. In 5th Symposium on Recent Advances in Intrusion Detection (RAID), 2002.
16. D. Wagner and D. Dean. Intrusion Detection via Static Analysis. In IEEE Symposium on Security and Privacy, 2001.
17. D. Wagner and P. Soto. Mimicry Attacks on Host-Based Intrusion Detection Systems. In 9th ACM Conference on Computer and Communications Security (CCS), 2002.
18. C. Warrender, S. Forrest, and B.A. Pearlmutter. Detecting intrusions using system calls: Alternative data models. In IEEE Symposium on Security and Privacy, 1999.
19. A. Wespi, M. Dacier, and H. Debar. Intrusion Detection Using Variable-Length Audit Trail Patterns. In Recent Advances in Intrusion Detrection (RAID), 2000.
20. H. Xu, W. Du, and S. Chapin. Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths. In Symposium on Recent Advances in Intrusion Detection (RAID), 2004.