A Hybrid Detection Approach for Zero-Day Polymorphic Shellcodes

Chen, Ting; Zhang, Xiaosong; Liu, Zhi

doi:10.1109/ebiss.2009.5137874

Cited by 5 publications

(2 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another important category of worm quarantine is content‐based, which tries to search Shellcode in exploiting packets (Toth and Kruegel, 2002; Chen et al , 2009). In theory, content‐based techniques are accurate to pinpoint worm packets, whereas these techniques are always resources‐consuming and time‐consuming.…”

Section: Related Workmentioning

confidence: 99%

Proactive P2P worm containment via automatic authentication

Zhang

Chen

et al. 2013

COMPEL - The International Journal for Computation and Mathematics in Electrical and Electronic Engineering

Self Cite

View full text Add to dashboard Cite

Purpose -Nowadays, proactive P2P worm (PRWORM) poses a latent threat to internet infrastructure and common users for the fatal vulnerabilities in homogeneous P2P software. It is more difficult to contain PRWORM because of its fast spread speed. Current techniques are not adequate to quarantine PRWORM, mainly because of their inaccuracy and slow response to attacks. The purpose of this paper is to propose an accurate and real-time approach for PRWORM containment. Design/methodology/approach -First, the authors present a new methodology to contain PRWORM via proper authentication of initiators of P2P communications. Second, three simple network protocols are proposed to fulfill automatic authentication. Findings -Both simulations and strictly mathematical proof by Strand Space Model represent that the authors' work is able to accurately quarantine PRWORM in real time. Furthermore, proof shows the three network protocols are resistant to popular attacks such as man-in-the-middle attack and replay attack. Originality/value -First, the authors propose an authentication based method to contain proactive P2P worm and second, use strand space model to proof the effectiveness and security of the method.

show abstract

Section: Related Workmentioning

confidence: 99%

Proactive P2P worm containment via automatic authentication

Zhang

Chen

et al. 2013

COMPEL - The International Journal for Computation and Mathematics in Electrical and Electronic Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, due to the complexity the network applications [5], and the strong ability of metamorphism and concealment [6], those methods have low accuracy. Content analysis [7] is a kind of methods which attempts to detect the common features in abnormal traffic. For example, executable feature [8], pad instructions [9], self-decryption routine [10] and so on.…”

Section: Related Workmentioning

confidence: 99%

A Novel Abnormal Traffic Detection Method Based on Statistical Model

Chen

2013

AMR

Self Cite

View full text Add to dashboard Cite

An abnormal traffic detection method via statistical model is proposed in this paper. At first, a new feature of normal traffic that it represents significant one-order dependency is discovered. In other words, normal traffic is obviously positive correlative. But the feature rarely appears in abnormal traffic. Based on one-order dependency, an entropy-rate model which is highly relevant to Markov model is then introduced by this paper to detect abnormal traffic. The proposed method is independent of signature so that it is able to detection both known and unknown abnormal traffic. At last, contrast experiment shows that the proposed method outperforms current methods in terms of false positives and false negatives.

show abstract