ETRI-Knowledge Sharing Platform


Details

Conference paper: Function Call Mechanism Based Executable Code Detection for the Network Security
Cited 3 times in Scopus
Authors
김대원, 최양서, 김익균, 오진태, 장종수
Publication date
200807
Source
International Symposium on Applications and the Internet (SAINT) 2008, pp.62-67
DOI
https://dx.doi.org/10.1109/SAINT.2008.13
Funded project
07MK1400, Development of Real-Time Attack Signature Generation and Management Technology for Responding to Zero-Day Attacks from Network Threats, 장종수
Abstract
The general method in which attackers obtain the control authority of the remote host is through the exploit code. Motivated by the viewpoint that the exploit code normally contains some executable codes, we propose a method of detecting the executable codes included in packets for the network security. Because some parts in the executable codes essentially include the function call related instruction patterns, we propose an approach detecting the instruction patterns following the function call mechanism. We have implemented a prototype and evaluated it against a variety of the executable and non-executable codes. The results show that the proposed method properly classifies the executable and non-executable codes. © 2008 IEEE.
KSP suggested keywords
General method, control authority, function call, network security