A Hybrid Detection Approach for Zero-Day Polymorphic Shellcodes

机译：零日多态Shellcode的混合检测方法

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Zero-day shellcodes has become a major threat to the Internet with complex obfuscation techniques. However, even the state-of-the-art NIDS has small chances of detecting them because they rely on known signatures. This paper presents hybrid detection for zero-day polymorphic shellcodes (HDPS) against shellcodes using various obfuscations. Our approach employs a heuristic approach to detect return address and filter mass innocent network flows, and then constructs a Markov model to detect the existence and location of executable codes in suspicious flows. Finally, it applies an elaborate approach to detect NOP Sleds in the executable codes. Initial experiments show HDPS detects nearly all types of shellcodes, and the false positive rate approximates zero with low overhead.

机译：通过复杂的混淆技术，零日shellcode已成为对Internet的主要威胁。但是，即使最新的NIDS也依赖于已知签名，因此也很少有机会检测到它们。本文提出了使用各种混淆对零码多态shellcode（HDPS）进行混合检测。我们的方法采用启发式方法来检测返回地址并过滤大量无害网络流，然后构造一个马尔可夫模型来检测可疑流中可执行代码的存在和位置。最后，它采用了精心设计的方法来检测可执行代码中的NOP雪橇。最初的实验表明，HDPS几乎可以检测所有类型的Shellcode，并且误报率接近零且开销很小。

著录项

来源
《E-Business and Information System Security, 2009. EBISS '09》|2009年|1-5|共5页
会议地点 Wuhan(CN);Wuhan(CN)
作者
Chen Ting; Zhang Xiaosong; Liu Zhi;
展开▼
作者单位

Sch. of Comput. Sci. Eng., Univ. of Electron. Sci. Technol. of China (UESTC), Chengdu;

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Internet; Markov processes; security of data; telecommunication security; telecommunication traffic; Markov model; NOP Sleds detection; complex obfuscation technique; heuristic approach; hybrid zero-day polymorphic shellcode detection approach; mass innocent network flow filtering; state-of-the-art NIDS; suspicious flow;

机译：互联网;马尔可夫过程;数据安全性;电信安全性;电信业务量;马尔可夫模型; NOP雪橇检测;复杂模糊处理技术;启发式方法;混合零日多态Shellcode检测方法;大量无害网络流量过滤;现状NIDS；可疑流程;

相似文献

外文文献
中文文献
专利

1. On the infeasibility of modeling polymorphic shellcode: Re-thinking the role of learning in intrusion detection systems [J] . Yingbo Song, Michael E. Locasto, Angelos Stavrou, Machine Learning . 2010,第2期

机译：关于建模多态shellcode的不可行性：重新考虑学习在入侵检测系统中的作用
2. Network-level polymorphic shellcode detection using emulation [J] . Michalis Polychronakis, Kostas G. Anagnostakis, Evangelos P. Markatos Journal in computer virology . 2007,第4期

机译：使用仿真的网络级多态Shellcode检测
3. A Survey on Zero-Day Polymorphic Worm Detection Techniques [J] . Kaur Ratinder, Singh Maninder Communications Surveys & Tutorials, IEEE . 2014,第3期

机译：零日多态蠕虫检测技术概述
4. A Hybrid Detection Approach For Zero-day Polymorphic Shellcodes [C] . Chen Ting, Zhang Xiaosong, Liu Zhi International Conference on E-Business and Information System Security . 2009

机译：零季多态性壳基的混合检测方法
5. Emerging & Unconventional Malware Detection Using a Hybrid Approach [D] . Babar, Farhan Mahmood. 2020

机译：使用混合方法的新兴和非常规的恶意软件检测
6. A Novel Hybrid Approach for Partial Discharge Signal Detection Based on Complete Ensemble Empirical Mode Decomposition with Adaptive Noise and Approximate Entropy [O] . Haikun Shang, Yucai Li, Junyan Xu, 2020

机译：一种基于完整集合经验模式分解的局部放电信号检测的新型混合方法自适应噪声和近似熵
7. Emulation-based Detection of Non-self-contained Polymorphic Shellcode [O] . Michalis Polychronakis, Kostas G. Anagnostakis, Evangelos P. Markatos 2008

机译：基于仿真的非自包含多态shellcode检测

A Hybrid Detection Approach for Zero-Day Polymorphic Shellcodes

摘要

著录项

相似文献

相关主题

期刊订阅