Journal: Highly Available Systems, No. 2, 2011
Article in issue:
Shellcode detection methods for high-speed network channels
Authors:
S.A. Gaivoronski
Abstract:
The problem of detecting malicious shellcode in high-speed network channels is a significant part of the more general problem of detecting and filtering botnet propagation. Many modern botnets use remotely exploitable vulnerabilities in popular networking software for automatic propagation. We formulate the problem of shellcode detection in a network flow in terms of the formal theory of heuristic combination [1]. In this paper we propose an approach that constructs a hybrid shellcode detection method by combining existing classifiers. We formulate the problem of automatically synthesizing such a hybrid detector so that it covers all shellcode feature classes and reduces the false positive rate, while lowering the complexity of the method compared with a simple linear combination of the algorithms.
Pages: 70-75
References
  1. Zhuravlev Y.I. Algebraic approach to the solution of recognition or classification problems // Pattern Recognition and Image Analysis, 1998. V. 8. No. 1. P. 59-100.
  2. Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna. Your Botnet is My Botnet: Analysis of a Botnet Takeover. Technical report, University of California, May 2009.
  3. FBI. International Cooperation Disrupts Multi-Country Cyber Theft Ring. Press Release, FBI National Press Office, Oct 2010.
  4. Kirill Kruglov. Monthly Malware Statistics: June 2010. Kaspersky Lab Report, June 2010. [HTML] http://www.securelist.com/en/analysis/204792125/Monthly_Malware_Statistics_June_2010.
  5. E. Filiol. Metamorphism, formal grammars and undecidable code mutation // International Journal of Computer Science. 2. 2007.