Malicious code detection by taint analysis

Intrusion detection systems (IDS) generally analyze and handle malicious code by filtering data packets: the network filter runs in kernel mode to capture and filter traffic, but it can only stop generic attacks. This paper applies static taint analysis and introduces the concept of seed taint. The packet data stream is disassembled into binary instruction sequences so that packets infected by taint can be detected and filtered out. Since malicious code frequently transfers control through unconditional jumps during an attack, such transfers can be identified and filtered effectively, which improves both the efficiency and the recognition rate of the network filter. Experiments show that static taint analysis combined with taint tracking significantly improves recognition efficiency for two classes of unconditional-jump attack code and for three classes of infected program structures that spread to other nodes.
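To make the abstract's approach concrete, here is an added toy example (not code from the paper): packet payload bytes are the taint seeds, taint propagates through data-movement and arithmetic instructions of an assumed disassembled instruction stream, and an unconditional control transfer whose target register is tainted is flagged. Instruction encoding, register names and the `net_buf` seed label are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Insn:
    op: str                     # mnemonic, e.g. "mov", "add", "jmp"
    dst: Optional[str] = None   # destination register
    src: Optional[str] = None   # source: register, "imm" (constant), or a seed

# Seed taint: the only source assumed attacker-controlled is data read
# from the packet payload ("net_buf" is a constructed label).
TAINT_SEEDS = {"net_buf"}
UNCOND_TRANSFER = {"jmp", "call"}        # unconditional control transfers
PROPAGATE = {"mov", "lea"}               # dst takes exactly src's taint state
COMBINE = {"add", "sub", "or", "xor"}    # dst keeps its taint and gains src's

def analyze(program: List[Insn]) -> List[int]:
    """Return indices of unconditional transfers whose target is tainted."""
    tainted = set(TAINT_SEEDS)
    alerts: List[int] = []
    for idx, insn in enumerate(program):
        if insn.op in UNCOND_TRANSFER:
            if insn.src in tainted:          # register-indirect jump on tainted data
                alerts.append(idx)
        elif insn.op in PROPAGATE:
            if insn.src in tainted:
                tainted.add(insn.dst)
            else:
                tainted.discard(insn.dst)    # overwritten with clean data
        elif insn.op in COMBINE:
            if insn.op == "xor" and insn.src == insn.dst:
                tainted.discard(insn.dst)    # xor reg, reg zeroes reg: taint cleared
            elif insn.src in tainted:
                tainted.add(insn.dst)
    return alerts

# Constructed sample streams, as a packet disassembler might emit them.
BENIGN = [Insn("mov", "eax", "imm"), Insn("add", "eax", "imm"),
          Insn("jmp", None, "eax")]
TAINTED_JUMP = [Insn("mov", "ecx", "net_buf"), Insn("add", "ecx", "imm"),
                Insn("mov", "edx", "ecx"), Insn("jmp", None, "edx")]
CLEARED = [Insn("mov", "ecx", "net_buf"), Insn("xor", "ecx", "ecx"),
           Insn("call", None, "ecx")]

if __name__ == "__main__":
    for name, prog in [("benign", BENIGN), ("tainted_jump", TAINTED_JUMP),
                       ("cleared", CLEARED)]:
        print(name, analyze(prog))   # benign [], tainted_jump [3], cleared []
```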
