상세정보
학술대회
A Practical Approach for Detecting Executable Codes in Network Traffic
- 발행일
- 200710
- 출처
- Asia-Pacific Network Operations and Management Symposium (APNOMS) 2007 (LNCS 4773), v.4773, pp.354-363
- 협약과제
- 07MK1400, Network 위협의 Zero-Day Attack 대응을 위한 실시간 공격 Signature 생성 및 관리 기술개발, 장종수
- 초록
- The research on the detection of zero-day network attack and the signature generation is highlighted as an issue according to the outbreak of the new network attack is faster than a prediction. In this paper, we propose a very practical method that detects the executable codes within the network packet pay load. It could be used as the key function of the signature generation against the zero-day attack or the high speed anomaly detection. The proposed heuristic method in this paper could be expressed in terms of visually classifying the characteristic of the instruction pattern of executable codes. And then we generalize this by applying the discrete parameter Markov chain. Our experimental study showed that the presented scheme could find all types of executable codes in our experiments. © Springer-Verlag Berlin Heidelberg 2007.
- KSP 제안 키워드
- Experimental study, Heuristic method, High Speed, Network Attacks, Network Traffic, Practical approach, Practical method, Zero-day attack, anomaly detection, markov chain, network packets