ETRI-Knowledge Sharing Platform

Journal Article Tracing Stored Program Counter to Detect Polymorphic Shellcode
Cited 3 times in Scopus
Authors
Dae Won Kim, Ik Kyun Kim, Jin Tae Oh, Jong Soo Jang
Issue Date
2008-08
Citation
IEICE Transactions on Information and Systems, v.E91-D, no.8, pp.2192-2195
ISSN
0916-8532
Publisher
Japan, Institute of Electronics, Information and Communication Engineers (IEICE)
Language
English
Type
Journal Article
DOI
https://dx.doi.org/10.1093/ietisy/e91-d.8.2192
Abstract
The use of shellcode in polymorphic form has become active as the de facto method for avoiding signature-based network security systems. We present a new static analysis method for detecting the decryption routine of polymorphic shellcode. This method traces the processes by which the decryption routine stores the current program counter on a stack, moves the value between registers, and uses the value to make the address of the encrypted code accessible. Most decryption routines share the feature that they use the program counter stored on a stack as the address for accessing the memory in which the encrypted code is positioned. Copyright © 2008 The Institute of Electronics, Information and Communication Engineers.
KSP Keywords
Analysis method, Information and communication, Network security system, Polymorphic form, Program counter, Static analysis