@inproceedings{a4266cbb906e4146971144bef736093f,
title = "Self debugging mode for patch-independent nullification of unknown remote process infection",
abstract = "The rapid increase in software vulnerabilities shows the limitations of patch-dependent countermeasures against malicious code. We propose a patch-independent technique for protection against remote infection, which enables each process to identify itself as {"}being infected{"} and nullify itself spontaneously. Our system is operating system independent and therefore does not need software rebuilding. Previously, no method for stopping a malicious process without recompiling source code or rebuilding software has been proposed. In the proposed system, the target process runs under a self-debugging mode, which is activated by enhancing the debug() exception handler and utilizing the MSR debug register. In this paper we show the effectiveness of the proposed method by protecting against remote process infection without patching security holes. Implementation of a device driver callback function and a BranchIP recorder provides real-time prevention of unregistered worm attacks through the Internet. In the experiment, a function test of the stack buffer overflow of Win32.SQLExp.Worm is presented. CPU utilization corresponding to the number of calling functions and some database operations is also shown.",
keywords = "BranchIP recorder, Debug register, Improved debug exception handler, Real-time nullification, Self-debugging mode",
author = "Ruo Ando and Yoshiyasu Takefuji",
note = "Copyright: Copyright 2020 Elsevier B.V., All rights reserved.; 4th International Conference on Cryptology and Network Security, CANS 2005 ; Conference date: 14-12-2005 Through 16-12-2005",
year = "2005",
doi = "10.1007/11599371_8",
language = "English",
isbn = "3540308490",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "85--95",
booktitle = "Cryptology and Network Security - 4th International Conference, CANS 2005, Proceedings",
}