Published in: Journal of Computer Virology and Hacking Techniques 3/2014

01.08.2014 | Original Paper

Detection of shellcodes in drive-by attacks using kernel machines

Authors: Manoj Cherukuri, Srinivas Mukkamala, Dongwan Shin


Abstract

In this paper, we propose a light-weight framework that uses kernel machines to detect the shellcodes used in drive-by download attacks. Because such shellcodes are delivered inside web pages as JavaScript strings, we studied the effectiveness of the proposed approach on about 9850 shellcodes and 10000 JavaScript strings collected from the wild. Our analysis shows that the trained SVMs (Support Vector Machines) classified these samples with an accuracy of over 99 %. Evaluating the trained SVM models with different proportions of training data showed consistent performance, with an average accuracy of 99.51 %, and the proposed static approach also proved effective at detecting polymorphic shellcode variants. We compared the performance of our approach with an emulation-based approach and observed that ours achieved slightly better accuracy while consuming about 33 % of the time taken by the emulation-based approach.
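The abstract describes training SVMs on shellcode byte strings and benign JavaScript strings and then measuring accuracy across different training-set proportions. The Python program below is an illustration added here, not code from the paper or its authors. It decodes %u-escaped JavaScript string literals into the bytes they would place in memory, extracts an assumed feature set (non-printable ratio, normalised byte entropy and a 16-bin high-nibble histogram; the paper's actual features are not given on this page), trains a linear SVM with the Pegasos solver as a stand-in for the paper's kernel machines, and reports hold-out accuracy for a chosen training fraction. All data is constructed: the "shellcode-like" strings are random high-byte %u sequences rather than real shellcode, and the benign strings are built from a small JavaScript word list.

```python
"""Toy shellcode-vs-JavaScript-string classifier (added illustration, not the
paper's code). A linear SVM trained with the Pegasos solver stands in for the
kernel machines the paper uses; the feature set below is an assumption."""
import math
import random
from typing import List, Tuple

Sample = Tuple[str, int]  # (JavaScript string literal, label: +1 shellcode-like, -1 benign)
HEX = set("0123456789abcdefABCDEF")


def _is_hex(chunk: str, n: int) -> bool:
    return len(chunk) == n and all(c in HEX for c in chunk)


def decode_js_string(s: str) -> bytes:
    """Turn a JavaScript string literal into the bytes it would place in memory.

    %uXXXX escapes become one little-endian 16-bit code unit (two bytes), %XX
    escapes one byte; everything else is taken as Latin-1. Malformed escapes
    are kept literally rather than raising."""
    out = bytearray()
    i = 0
    while i < len(s):
        if s[i] == "%" and s[i + 1:i + 2] == "u" and _is_hex(s[i + 2:i + 6], 4):
            out += int(s[i + 2:i + 6], 16).to_bytes(2, "little")
            i += 6
        elif s[i] == "%" and _is_hex(s[i + 1:i + 3], 2):
            out.append(int(s[i + 1:i + 3], 16))
            i += 3
        else:
            out += s[i].encode("latin-1", "replace")
            i += 1
    return bytes(out)


def features(data: bytes) -> List[float]:
    """Assumed feature vector: bias term, non-printable ratio, normalised byte
    entropy, and a 16-bin histogram of the high nibble of each byte."""
    n = max(len(data), 1)
    nonprint = sum(1 for b in data if not (0x20 <= b <= 0x7E or b in (9, 10, 13))) / n
    counts = [0] * 256
    hist = [0.0] * 16
    for b in data:
        counts[b] += 1
        hist[b >> 4] += 1.0 / n
    entropy = -sum((c / n) * math.log2(c / n) for c in counts if c) / 8.0
    return [1.0, nonprint, entropy] + hist


def train_svm(X: List[List[float]], y: List[int], lam: float = 0.01,
              epochs: int = 50, seed: int = 0) -> List[float]:
    """Primal linear SVM via Pegasos (stochastic sub-gradient on the hinge loss)."""
    rng = random.Random(seed)
    w = [0.0] * len(X[0])
    order = list(range(len(X)))
    t = 0
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            t += 1
            eta = 1.0 / (lam * t)
            margin = y[i] * sum(wj * xj for wj, xj in zip(w, X[i]))
            w = [(1.0 - eta * lam) * wj for wj in w]           # regularisation shrink
            if margin < 1.0:                                   # hinge loss is active
                w = [wj + eta * y[i] * xj for wj, xj in zip(w, X[i])]
    return w


def predict(w: List[float], literal: str) -> int:
    score = sum(wj * xj for wj, xj in zip(w, features(decode_js_string(literal))))
    return 1 if score >= 0.0 else -1


def make_constructed_dataset(n_each: int = 100, seed: int = 1) -> List[Sample]:
    """Constructed data: benign strings built from a JavaScript word list and
    'shellcode-like' strings of random high-byte %u escapes (not real shellcode)."""
    rng = random.Random(seed)
    words = ["document", "getElementById", "innerHTML", "function", "return",
             "var", "window", "location", "href", "onclick", "style", "display",
             "none", "length", "push", "split", "join", "%20", "%3D", "%2F"]
    samples: List[Sample] = []
    for _ in range(n_each):
        samples.append((" ".join(rng.choice(words) for _ in range(rng.randint(4, 12))), -1))
    for _ in range(n_each):
        samples.append(("".join("%%u%04x" % rng.randint(0x8000, 0xFFFF)
                                for _ in range(rng.randint(20, 60))), 1))
    return samples


def evaluate(train_fraction: float, seed: int = 7) -> float:
    """Hold-out accuracy when only `train_fraction` of the data is used for
    training, mirroring the abstract's evaluation over training proportions."""
    samples = make_constructed_dataset()
    random.Random(seed).shuffle(samples)
    k = int(len(samples) * train_fraction)
    train, test = samples[:k], samples[k:]
    w = train_svm([features(decode_js_string(s)) for s, _ in train], [l for _, l in train])
    return sum(1 for s, l in test if predict(w, s) == l) / len(test)


if __name__ == "__main__":
    for frac in (0.2, 0.5, 0.8):
        print("train fraction %.1f -> hold-out accuracy %.3f" % (frac, evaluate(frac)))
```

The decoder matters as much as the model: a classifier that looks at the raw literal sees only the characters `%`, `u` and hex digits, whereas the bytes that `unescape()` would lay out in memory are what carry the signal. On real data the constructed word list and random high-byte strings would be replaced by the collected shellcodes and JavaScript strings the abstract mentions, and the hand-picked features by whatever representation the full paper describes.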


Metadata
Title
Detection of shellcodes in drive-by attacks using kernel machines
Authors
Manoj Cherukuri
Srinivas Mukkamala
Dongwan Shin
Publication date
01.08.2014
Publisher
Springer Paris
Published in
Journal of Computer Virology and Hacking Techniques / Issue 3/2014
Electronic ISSN: 2263-8733
DOI
https://doi.org/10.1007/s11416-013-0195-2
