Specification and evaluation of polymorphic shellcode properties using a new temporal logic

Talbi, Mehdi; Mejri, Mohamed; Bouhoula, Adel

doi:10.1007/s11416-008-0089-x

Cited by 5 publications

(3 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although the problem of polymorphic shellcode is addressed in (e.g., [23], [24], [22]), encryption provides an almost unpreventable The proposed attack has a set of requirements, such as the existence of standard libraries and tools on the target host, to keep the shellcode as small and efficient as possible. We see the possibility to remove these requirements by implementing further functionality in the initial shellcode as well as in the different stages.…”

Section: Discussionmentioning

confidence: 99%

BALG: Bypassing Application Layer Gateways using multi-staged encrypted shellcodes

Roschke

Cheng

Meinel

2011

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops

View full text Add to dashboard Cite

show abstract

Section: Discussionmentioning

confidence: 99%

BALG: Bypassing Application Layer Gateways using multi-staged encrypted shellcodes

Roschke

Cheng

Meinel

2011

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops

View full text Add to dashboard Cite

show abstract

“…This intrusion detection system's management and detection function are integrated. Its size is relatively small, and it is easy to integrate with the small-scale Android platform [5,6]. Snort can capture and analysis the data packets on the network, and respond to and deal with it according to the rules defined.…”

Section: Intrusion Detection Systemmentioning

confidence: 99%

Research on Intrusion Detection for Android Cell Phones Based on Snort

Liu

Yin

Yang

et al. 2013

2013 Sixth International Symposium on Computational Intelligence and Design

View full text Add to dashboard Cite

With the rapid spread of the cell phones, more and more security threats against it appear. Nowadays people pay more attention to mobile phone security. Snort is a lightweight network intrusion detection system, and the multi-pattern matching algorithms it usually uses are AC algorithm and AC-BNFA algorithm. However, these algorithms are slow and take up too much memory. Now a new pattern matching algorithm is presented, which reduces the automaton states through transitions. The detection rate is ensured, the match rate is accelerated, the memory footprint is reduced, and the detection efficiency of the intrusion detection system is improved.

show abstract

“…The Temporal Logic approach was used in [22] for detecting polymorphic malicious codes that exploit buffer-overflow vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

Using the KBTA method for inferring computer and network security alerts from time-stamped, raw system metrics

Shabtai¹,

Fledel²,

Elovici³

et al. 2009

J Comput Virol

View full text Add to dashboard Cite

In this study, we propose a new approach for detecting previously unencountered instances of known classes of malicious software based on their temporal behavior. In the proposed approach, time-stamped security data are continuously monitored within the target computer system or network and then processed by the knowledge-based temporal abstraction (KBTA) methodology. Using KBTA, continuously measured data (e.g., the number of running processes) and events (e.g., installation of a software) are integrated with a security-domain, temporal-abstraction knowledge-base (i.e., a security ontology for abstracting meaningful patterns from raw, time-oriented security data), to create higher-level, time-oriented concepts and patterns, also known as temporal abstractions. Automatically-generated temporal abstractions can be monitored to detect suspicious temporal patterns. These patterns are compatible with a set of predefined classes of malware as defined by a security expert employing a set of time and value constraints. The new approach was applied for detecting worm-related malware using two different ontologies. Evaluation results demonstrated the effectiveness of the new approach. The approach can be used for detecting other types of malware by updating the security ontology with new definitions of temporal patterns.

show abstract

Specification and evaluation of polymorphic shellcode properties using a new temporal logic

Cited by 5 publications

References 12 publications

BALG: Bypassing Application Layer Gateways using multi-staged encrypted shellcodes

BALG: Bypassing Application Layer Gateways using multi-staged encrypted shellcodes

Research on Intrusion Detection for Android Cell Phones Based on Snort

Using the KBTA method for inferring computer and network security alerts from time-stamped, raw system metrics

Contact Info

Product

Resources

About