Function Call Mechanism Based Executable Code Detection for the Network Security

Bibliographic Details
Published in: 2008 International Symposium on Applications and the Internet, pp. 62 - 67
Main Authors: Daewon Kim, Yangseo Choi, Ikkyun Kim, Jintae Oh, Jongsoo Jang
Format: Conference Proceeding
Language: English
Published: IEEE 01.07.2008
Summary: The general method in which attackers obtain the control authority of the remote host is through the exploit code. Motivated by the viewpoint that the exploit code normally contains some executable codes, we propose a method of detecting the executable codes included in packets for the network security. Because some parts in the executable codes essentially include the function call related instruction patterns, we propose an approach detecting the instruction patterns following the function call mechanism. We have implemented a prototype and evaluated it against a variety of the executable and non-executable codes. The results show that the proposed method properly classifies the executable and non-executable codes.
ISBN: 0769532977, 9780769532974
DOI: 10.1109/SAINT.2008.13