ETRI-Knowledge Sharing Platform





Conference: A Practical Approach for Detecting Executable Codes in Network Traffic
Cited 1 time in Scopus
김익균, 강구홍, 최양서, 김대원, 오진태, 한기준
Asia-Pacific Network Operations and Management Symposium (APNOMS) 2007 (LNCS 4773), v.4773, pp.354-363
07MK1400, Development of Real-Time Attack Signature Generation and Management Technology for Responding to Zero-Day Attacks of Network Threats, 장종수
Research on detecting zero-day network attacks and generating signatures has been highlighted as an issue because new network attacks break out faster than predicted. In this paper, we propose a very practical method that detects executable code within network packet payloads. It could be used as the key function of signature generation against zero-day attacks or of high-speed anomaly detection. The heuristic method proposed in this paper can be expressed in terms of visually classifying the characteristics of the instruction patterns of executable code. We then generalize this by applying a discrete-parameter Markov chain. Our experimental study showed that the presented scheme could find all types of executable code in our experiments. © Springer-Verlag Berlin Heidelberg 2007.
KSP Suggested Keywords
Experimental study, Heuristic method, High Speed, Network Attacks, Network Traffic, Practical approach, Practical method, Zero-day attack, anomaly detection, markov chain, network packets