TY - JOUR
T1 - Efficient shellcode detection on commodity hardware
AU - Tian, Donghai
AU - Chen, Mo
AU - Hu, Changzhen
AU - Li, Xuanya
PY - 2013/10
Y1 - 2013/10
N2 - As more and more software vulnerabilities are exposed, shellcode has become very popular in recent years. It is widely used by attackers to exploit vulnerabilities and then hijack a program's execution. Previous solutions suffer from limitations in that: 1) Some methods based on static analysis may fail to detect the shellcode using obfuscation techniques. 2) Other methods based on dynamic analysis could impose considerable performance overhead. In this paper, we propose Lemo, an efficient shellcode detection system. Our system is compatible with commodity hardware and operating systems, which enables deployment. To improve the performance of our system, we make use of the multi-core technology. The experiments show that our system can detect shellcode efficiently.
AB - As more and more software vulnerabilities are exposed, shellcode has become very popular in recent years. It is widely used by attackers to exploit vulnerabilities and then hijack a program's execution. Previous solutions suffer from limitations in that: 1) Some methods based on static analysis may fail to detect the shellcode using obfuscation techniques. 2) Other methods based on dynamic analysis could impose considerable performance overhead. In this paper, we propose Lemo, an efficient shellcode detection system. Our system is compatible with commodity hardware and operating systems, which enables deployment. To improve the performance of our system, we make use of the multi-core technology. The experiments show that our system can detect shellcode efficiently.
KW - Efficient shellcode detection
KW - Multi-core technology
UR - http://www.scopus.com/inward/record.url?scp=84885042272&partnerID=8YFLogxK
U2 - 10.1587/transinf.E96.D.2272
DO - 10.1587/transinf.E96.D.2272
M3 - Article
AN - SCOPUS:84885042272
SN - 0916-8532
VL - E96-D
SP - 2272
EP - 2276
JO - IEICE Transactions on Information and Systems
JF - IEICE Transactions on Information and Systems
IS - 10
ER -