SCOPUS 정보 검색 플랫폼

LEET 2009 - 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More

Volumn , Issue , 2009, Pages

An empirical study of real-world polymorphic code injection attacks

(3) Polychronakis, Michalis a Anagnostakis, Kostas G b Markatos, Evangelos P a

a INSTITUTE OF COMPUTER SCIENCE (Greece)

b INSTITUTE FOR INFOCOMM RESEARCH (Singapore)

Author keywords

[No Author keywords available]

Indexed keywords

BOTNET; COMPUTER VIRUSES;

CODE INJECTION ATTACKS; EMPIRICAL STUDIES; MALWARE FAMILIES; MALWARE PROPAGATION; NETWORK LEVEL; NETWORK SERVICES; PRODUCTION SYSTEM; REMOTE CODE;

CODES (SYMBOLS);

EID: 85084096732 PISSN: None EISSN: None Source Type: Conference Proceeding
DOI: None Document Type: Conference Paper

Times cited : (26)

References (23)

1
- 84874507364
- The metasploit project. http://www.metasploit.com/.
- The Metasploit Project

2
- 84885889406
- Oct
- Microsoft Security Bulletin MS08-067 – Critical, Oct. 2008. http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx.
- (2008) Microsoft Security Bulletin MS08-067 – Critical

3
- 78149325194
- Jan
- Calculating the Size of the Downadup Outbreak, Jan. 2009. http://www.f-secure.com/weblog/archives/00001584.html.
- (2009) Calculating the Size of the Downadup Outbreak

4
- 33746454258
- P. Bania. TAPiON, 2005. http://pb.specialised.info/all/tapion/.
- (2005) TAPiON
- Bania, P.¹

5
- 48649100256
- Spector: Automatically analyzing shell code
- K. Borders, A. Prakash, and M. Zielinski. Spector: Automatically analyzing shell code. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), pages 501–514, 2007.
- (2007) Proceedings of the Annual Computer Security Applications Conference (ACSAC) , pp. 501-514
- Borders, K.¹ Prakash, A.² Zielinski, M.³

6
- 33745788387
- On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits
- J. R. Crandall, Z. Su, S. F. Wu, and F. T. Chong. On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In Proceedings of the 12th ACM conference on Computer and communications security (CCS), pages 235–248, 2005.
- (2005) Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS) , pp. 235-248
- Crandall, J.R.¹ Su, Z.² Wu, S.F.³ Chong, F.T.⁴

7
- 33644565261
- Polymorphic shellcode engine using spectrum analysis
- Aug
- T. Detristan, T. Ulenspiegel, Y. Malcom, and M. Underduk. Polymorphic shellcode engine using spectrum analysis. Phrack, 11(61), Aug. 2003.
- (2003) Phrack , vol.11 , Issue.61
- Detristan, T.¹ Ulenspiegel, T.² Malcom, Y.³ Underduk, M.⁴

8
- 85077703150
- Polymorphic blending attacks
- th USENIX Security Symposium, 2006.
- (2006) th USENIX Security Symposium
- Fogla, P.¹ Sharif, M.² Perdisci, R.³ Kolesnikov, O.⁴ Lee, W.⁵

9
- 37849044998
- Measurement and analysis of autonomous spreading malware in a university environment
- J. Goebel, T. Holz, and C. Willems. Measurement and analysis of autonomous spreading malware in a university environment. In Proceedings of the 4th international conference on Detection of Intrusions and Malware, & Vulnerability Assessment (DIMVA), pages 109–128, 2007.
- (2007) Proceedings of the 4th International Conference on Detection of Intrusions and Malware, & Vulnerability Assessment (DIMVA) , pp. 109-128
- Goebel, J.¹ Holz, T.² Willems, C.³

10
- 84888375990
- K2. ADMmutate, 2001. http://www.ktwo.ca/ ADMmutate- 0.8.4.tar.gz.
- (2001) ADMmutate

11
- 33746389292
- Polymorphic worm detection using structural information of ex-ecutables
- Sept
- C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. Polymorphic worm detection using structural information of ex-ecutables. In Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID), Sept. 2005.
- (2005) Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID)
- Kruegel, C.¹ Kirda, E.² Mutz, D.³ Robertson, W.⁴ Vigna, G.⁵

12
- 34547448056
- Finding diversity in remote code injection exploits
- J. Ma, J. Dunagan, H. J. Wang, S. Savage, and G. M. Voelker. Finding diversity in remote code injection exploits. In Proceedings of the 6th Internet Measurement Conference (IMC), pages 53–64, 2006.
- (2006) Proceedings of the 6th Internet Measurement Conference (IMC) , pp. 53-64
- Ma, J.¹ Dunagan, J.² Wang, H.J.³ Savage, S.⁴ Voelker, G.M.⁵

13
- 35348858789
- Network-level polymorphic shellcode detection using emulation
- July
- M. Polychronakis, E. P. Markatos, and K. G. Anagnostakis. Network-level polymorphic shellcode detection using emulation. In Proceedings of the Third Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 2006.
- (2006) Proceedings of the Third Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
- Polychronakis, M.¹ Markatos, E.P.² Anagnostakis, K.G.³

14
- 70449660109
- Emulation-based detection of non-self-contained polymorphic shellcode
- September
- M. Polychronakis, E. P. Markatos, and K. G. Anagnostakis. Emulation-based detection of non-self-contained polymorphic shellcode. In Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID), September 2007.
- (2007) Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID)
- Polychronakis, M.¹ Markatos, E.P.² Anagnostakis, K.G.³

15
- 80053650188
- All your iFRAMEs point to us
- N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All your iFRAMEs point to us. In Proceedings of the 17th USENIX Security Symposium, pages 1–16, 2008.
- (2008) Proceedings of the 17th USENIX Security Symposium , pp. 1-16
- Provos, N.¹ Mavrommatis, P.² Rajab, M.A.³ Monrose, F.⁴

16
- 38149098941
- Writing ia32 alphanumeric shellcodes
- Rix. Aug
- Rix. Writing ia32 alphanumeric shellcodes. Phrack, 11(57), Aug. 2001.
- (2001) Phrack , vol.11 , Issue.57

17
- 78751553661
- Skape. Understanding windows shellcode, 2003. http://www.hick.org/code/skape/papers/ win32- shellcode.pdf.
- (2003) Understanding Windows Shellcode

18
- 85075105367
- Implementing a custom x86 encoder
- Skape. Sept
- Skape. Implementing a custom x86 encoder. Uninformed, 5, Sept. 2006.
- (2006) Uninformed , vol.5

19
- 41549098765
- On the infeasibility of modeling polymorphic shellcode
- Y. Song, M. E. Locasto, A. Stavrou, A. D. Keromytis, and S. J. Stolfo. On the infeasibility of modeling polymorphic shellcode. In Proceedings of the 14th ACM conference on Computer and communications security (CCS), pages 541–551, 2007.
- (2007) Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS) , pp. 541-551
- Song, Y.¹ Locasto, M.E.² Stavrou, A.³ Keromytis, A.D.⁴ Stolfo, S.J.⁵

20
- 33646414637
- Addison-Wesley Professional, February
- P. Ször. The Art of Computer Virus Research and Defense. Addison-Wesley Professional, February 2005.
- (2005) The Art of Computer Virus Research and Defense
- Ször, P.¹

21
- 84941149413
- B.-J. Wever. Alpha 2, 2004. http://www.edup.tudelft.nl/∼bjwever/src/alpha2.c.
- (2004) Alpha 2
- Wever, B.-J.¹

22
- 3543060790
- Internet intrusions: Global characteristics and prevalence
- V. Yegneswaran, P. Barford, and J. Ullrich. Internet intrusions: global characteristics and prevalence. In Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, 2003.
- (2003) Proceedings of the 2003 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems
- Yegneswaran, V.¹ Barford, P.² Ullrich, J.³

23
- 34748920757
- Analyzing network traffic to detect self-decrypting exploit code
- Q. Zhang, D. S. Reeves, P. Ning, and S. P. Lyer. Analyzing network traffic to detect self-decrypting exploit code. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS), pages 4–12, 2007.
- (2007) Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS) , pp. 4-12
- Zhang, Q.¹ Reeves, D.S.² Ning, P.³ Lyer, S.P.⁴

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.