Yataglass: Network-level code emulation for analyzing memory-scanning attacks

Makoto Shimamura, Kenji Kono

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

Remote code-injection attacks are one of the most frequently used attacking vectors in computer security. To detect and analyze injected code (often called shellcode), some researchers have proposed network-level code emulators. A network-level code emulator can detect shellcode accurately and help analysts to understand the behavior of shellcode. We demonstrated that memory-scanning attacks can evade current emulators, and propose Yataglass, an elaborated network-level code emulator, that enables us to analyze shellcode that incorporates memory-scanning attacks. According to our experimental results, Yataglass successfully emulated and analyzed real shellcode into which we had manually incorporated memory-scanning attacks.

Original languageEnglish
Title of host publicationDetection of Intrusions and Malware, and Vulnerability Assessment - 6th International Conference, DIMVA 2009, Proceedings
Pages68-87
Number of pages20
DOIs
Publication statusPublished - 2009 Nov 9
Event6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2009 - Como, Italy
Duration: 2009 Jul 92009 Jul 10

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5587 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2009
CountryItaly
CityComo
Period09/7/909/7/10

Keywords

  • Code-injection attack
  • Intrusion analysis
  • Intrusion detection
  • Memory-scanning attack
  • Network-level code emulation

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Yataglass: Network-level code emulation for analyzing memory-scanning attacks'. Together they form a unique fingerprint.

  • Cite this

    Shimamura, M., & Kono, K. (2009). Yataglass: Network-level code emulation for analyzing memory-scanning attacks. In Detection of Intrusions and Malware, and Vulnerability Assessment - 6th International Conference, DIMVA 2009, Proceedings (pp. 68-87). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5587 LNCS). https://doi.org/10.1007/978-3-642-02918-9_5