Detection of injected, dynamically generated, and obfuscated malicious code

Autor:	Scott M. Lewandowski, Roger I. Khazan, Jesse C. Rabek, Robert K. Cunningham
Rok vydání:	2003
Předmět:	business.industry Computer science Real-time computing Static program analysis computer.file_format Intrusion detection system Static analysis computer.software_genre Software System call Operating system Code (cryptography) Executable business Host (network) computer
Zdroj:	WORM
DOI:	10.1145/948187.948201
Popis:	This paper presents DOME, a host-based technique for detecting several general classes of malicious code in software executables. DOME uses static analysis to identify the locations (virtual addresses) of system calls within the software executables, and then monitors the executables at runtime to verify that every observed system call is made from a location identified using static analysis. The power of this technique is that it is simple, practical, applicable to real-world software, and highly effective against injected, dynamically generated, and obfuscated malicious code.
Databáze:	OpenAIRE
Externí odkaz:	https://explore.openaire.eu/search/publication?articleId=doi_________::2d7edb8089fd83426111934cb95575eb https://doi.org/10.1145/948187.948201 Zobrazit plný text záznamu