Similarity-based Polymorphic Shellcode Detection
In the work the method for polymorphic shellcode dedection based on the set of known shellcodes is proposed. The method’s main idea is in sequential applying of deobfuscating transformations to a data analyzed and then recognizing similarity with malware samples. The method has been tested on the se...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Moscow Engineering Physics Institute
2013-02-01
|
| Series: | Bezopasnostʹ Informacionnyh Tehnologij |
| Subjects: | |
| Online Access: | https://bit.mephi.ru/index.php/bit/article/view/352 |
| id |
doaj-0a76e74f744e44fe9fe70d2a92f1806d |
|---|---|
| record_format |
Article |
| spelling |
doaj-0a76e74f744e44fe9fe70d2a92f1806d2020-11-24T22:41:38ZengMoscow Engineering Physics Institute Bezopasnostʹ Informacionnyh Tehnologij2074-71282074-71362013-02-012013138344Similarity-based Polymorphic Shellcode DetectionDenis Yurievich Gamayunov0Anastasia Alekseevna Skovoroda (Shcherbinina)1Moscow State UniversityMoscow State UniversityIn the work the method for polymorphic shellcode dedection based on the set of known shellcodes is proposed. The method’s main idea is in sequential applying of deobfuscating transformations to a data analyzed and then recognizing similarity with malware samples. The method has been tested on the sets of shellcodes generated using Metasploit Framework v.4.1.0 and PELock Obfuscator and shows 87 % precision with zero false positives rate.https://bit.mephi.ru/index.php/bit/article/view/352polymorphic shellcodeobfuscated shellcode |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Denis Yurievich Gamayunov Anastasia Alekseevna Skovoroda (Shcherbinina) |
| spellingShingle |
Denis Yurievich Gamayunov Anastasia Alekseevna Skovoroda (Shcherbinina) Similarity-based Polymorphic Shellcode Detection Bezopasnostʹ Informacionnyh Tehnologij polymorphic shellcode obfuscated shellcode |
| author_facet |
Denis Yurievich Gamayunov Anastasia Alekseevna Skovoroda (Shcherbinina) |
| author_sort |
Denis Yurievich Gamayunov |
| title |
Similarity-based Polymorphic Shellcode Detection |
| title_short |
Similarity-based Polymorphic Shellcode Detection |
| title_full |
Similarity-based Polymorphic Shellcode Detection |
| title_fullStr |
Similarity-based Polymorphic Shellcode Detection |
| title_full_unstemmed |
Similarity-based Polymorphic Shellcode Detection |
| title_sort |
similarity-based polymorphic shellcode detection |
| publisher |
Moscow Engineering Physics Institute |
| series |
Bezopasnostʹ Informacionnyh Tehnologij |
| issn |
2074-7128 2074-7136 |
| publishDate |
2013-02-01 |
| description |
In the work the method for polymorphic shellcode dedection based on the set of known shellcodes is proposed. The method’s main idea is in sequential applying of deobfuscating transformations to a data analyzed and then recognizing similarity with malware samples. The method has been tested on the sets of shellcodes generated using Metasploit Framework v.4.1.0 and PELock Obfuscator and shows 87 % precision with zero false positives rate. |
| topic |
polymorphic shellcode obfuscated shellcode |
| url |
https://bit.mephi.ru/index.php/bit/article/view/352 |
| work_keys_str_mv |
AT denisyurievichgamayunov similaritybasedpolymorphicshellcodedetection AT anastasiaalekseevnaskovorodashcherbinina similaritybasedpolymorphicshellcodedetection |
| _version_ |
1725701464271093760 |