Similarity-based Polymorphic Shellcode Detection

Denis Yurievich Gamayunov; Anastasia Alekseevna Skovoroda (Shcherbinina)

Безопасность информационных технологий (Feb 2013)

Similarity-based Polymorphic Shellcode Detection

Denis Yurievich Gamayunov,
Anastasia Alekseevna Skovoroda (Shcherbinina)

Affiliations

Denis Yurievich Gamayunov: Moscow State University
Anastasia Alekseevna Skovoroda (Shcherbinina): Moscow State University

Journal volume & issue: Vol. 20, no. 1
pp. 31 – 38

Abstract

Read online

In the work the method for polymorphic shellcode dedection based on the set of known shellcodes is proposed. The method’s main idea is in sequential applying of deobfuscating transformations to a data analyzed and then recognizing similarity with malware samples. The method has been tested on the sets of shellcodes generated using Metasploit Framework v.4.1.0 and PELock Obfuscator and shows 87 % precision with zero false positives rate.

Published in Безопасность информационных технологий

ISSN: 2074-7128 (Print); 2074-7136 (Online)
Publisher: Joint Stock Company "Experimental Scientific and Production Association SPELS
Country of publisher: Russian Federation
LCC subjects: Technology: Technology (General): Industrial engineering. Management engineering: Information technology; Science: Science (General): Cybernetics: Information theory
Website: https://bit.spels.ru

About the journal

Abstract

Keywords