Detecting Heap-spraying based on Minimal Length Sequence and Argument Analysis

Author: Pei-Chen Yeh, 葉姵辰
Year of publication: 2015
Document type: thesis
Description: 103
Heap-spraying attacks are carried out through malicious JavaScript and depend on exploiting vulnerabilities in the browser or an installed plug-in to trigger. Attackers commonly use obfuscation techniques to produce obfuscated malicious JavaScript in order to evade detection mechanisms. In this paper, we adopt a lightweight sandbox to deal with obfuscation and propose a novel system, Heap Spraying Revelation, based on minimal length sequence finding and argument analysis. The fundamental idea behind the design of Heap Spraying Revelation is to combine static analysis and dynamic analysis in order to raise detection accuracy and efficiency. The minimal length sequence focuses on a characteristic of heap-spraying, the NOP-sled. A NOP-sled creates a large number of instructions, so we capture this distinguishing feature for analysis. Our work also presents a method to find the minimal length sequences and analyze their arguments. In our experiments, we use an SVM (Support Vector Machine) as the classifier, and the accuracy reaches up to 95.7 %.
Database: Networked Digital Library of Theses & Dissertations