ETRI-Knowledge Sharing Platform


Conference Paper Lightweight Static Analysis to Detect Polymorphic Exploit Code with Static Analysis Resistant Technique
Cited 0 times in Scopus
Authors
Dae Won Kim, Ik Kyun Kim, Jin Tae Oh, Hyun Sook Cho
Issue Date
2009-06
Citation
International Conference on Communications (ICC) 2009, pp.1-6
Publisher
IEEE
Language
English
Type
Conference Paper
DOI
https://dx.doi.org/10.1109/ICC.2009.5199134
Abstract
The general method by which attackers obtain the control authority of a remote host is through exploit code. As network security systems have deployed the desired signatures for exploits, they have reduced the damage caused by the spread and recurrence of those exploits. However, to avoid signature-based detection techniques, exploits employing techniques such as polymorphism and metamorphism have become more prevalent. Polymorphism in particular needs to be studied more actively, because many automation engines make it easy to produce various exploits even without special knowledge. We present a new static analysis method for detecting the decryption routine of polymorphic exploit code. Most decryption routines store the program counter value of the remote host on a stack and use that value as the address for accessing the memory where the encrypted original code is positioned. The proposed method traces the processing steps of the decryption routine using static analysis. In the experimental results, the proposed method can detect polymorphic exploit code that uses static analysis resistant techniques, and it is more efficient than the emulation-based method in processing performance. ©2009 IEEE.
KSP Keywords
Analysis method, General method, Program counter, control authority, detection techniques, network security, processing performance, security system, signature-based detection, static analysis