Publishing house Radiotekhnika

"Publishing house Radiotekhnika":
scientific and technical literature.
Books and journals of publishing houses: IPRZHR, RS-PRESS, SCIENCE-PRESS

Tel.: +7 (495) 625-9241


Shellcode detection methods for high-speed network channels


S.A. Gaivoronski

The problem of malicious shellcode detection in high-speed network channels is a significant part of the more general problem of detecting and filtering botnet propagation. Many modern botnets use remotely exploitable vulnerabilities in popular networking software for automatic propagation. We formulate the problem of shellcode detection in network flow in terms of the formal theory of heuristics combination [1]. In that paper we propose an approach that constructs a hybrid shellcode detection method by combining existing classifiers. We formulate the problem of automatically synthesizing such a hybrid detector, which will cover all shellcode feature classes and reduce the false positive rate while reducing the complexity of the method compared with a simple linear combination of algorithms.
