Yataglass: Network-level code emulation for analyzing memory-scanning attacks

Makoto Shimamura, Kenji Kono

Research output: Conference contribution

3 Citations (Scopus)

Abstract

Remote code-injection attacks are one of the most frequently used attacking vectors in computer security. To detect and analyze injected code (often called shellcode), some researchers have proposed network-level code emulators. A network-level code emulator can detect shellcode accurately and help analysts to understand the behavior of shellcode. We demonstrated that memory-scanning attacks can evade current emulators, and propose Yataglass, an elaborated network-level code emulator, that enables us to analyze shellcode that incorporates memory-scanning attacks. According to our experimental results, Yataglass successfully emulated and analyzed real shellcode into which we had manually incorporated memory-scanning attacks.

Original language: English
Title of host publication: Detection of Intrusions and Malware, and Vulnerability Assessment - 6th International Conference, DIMVA 2009, Proceedings
Pages: 68-87
Number of pages: 20
DOI
Publication status: Published - 2009
Event: 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2009 - Como, Italy
Duration: 2009/7/9 to 2009/7/10

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
5587 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2009
Country/Territory: Italy
City: Como
Period: 09/7/9 to 09/7/10

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (General)
