Similarity-based Polymorphic Shellcode Detection
This work proposes a method for polymorphic shellcode detection based on a set of known shellcodes. The method's main idea is to sequentially apply deobfuscating transformations to the analyzed data and then recognize similarity with malware samples. The method has been tested on the se...
Main Authors: | Denis Yurievich Gamayunov, Anastasia Alekseevna Skovoroda (Shcherbinina) |
---|---|
Format: | Article |
Language: | English |
Published: | Joint Stock Company "Experimental Scientific and Production Association SPELS, 2013-02-01 |
Series: | Безопасность информационных технологий |
Subjects: | polymorphic shellcode, obfuscated shellcode |
Online Access: | https://bit.mephi.ru/index.php/bit/article/view/352 |
_version_ | 1797705826400468992 |
---|---|
author | Denis Yurievich Gamayunov, Anastasia Alekseevna Skovoroda (Shcherbinina) |
collection | DOAJ |
description | This work proposes a method for polymorphic shellcode detection based on a set of known shellcodes. The method's main idea is to sequentially apply deobfuscating transformations to the analyzed data and then recognize similarity with malware samples. The method has been tested on sets of shellcodes generated using Metasploit Framework v.4.1.0 and PELock Obfuscator and shows 87 % precision with a zero false-positive rate. |
first_indexed | 2024-03-12T05:42:09Z |
format | Article |
id | doaj.art-0a76e74f744e44fe9fe70d2a92f1806d |
institution | Directory Open Access Journal |
issn | 2074-7128 2074-7136 |
language | English |
last_indexed | 2024-03-12T05:42:09Z |
publishDate | 2013-02-01 |
publisher | Joint Stock Company "Experimental Scientific and Production Association SPELS |
record_format | Article |
series | Безопасность информационных технологий |
title | Similarity-based Polymorphic Shellcode Detection |
topic | polymorphic shellcode obfuscated shellcode |
url | https://bit.mephi.ru/index.php/bit/article/view/352 |