As more and more software vulnerabilities are exposed, shellcode has become very popular in recent years. It is widely used by attackers to exploit vulnerabilities and then hijack a program's execution. Previous solutions suffer from two limitations: 1) Some methods based on static analysis may fail to detect shellcode that uses obfuscation techniques. 2) Other methods based on dynamic analysis could impose considerable performance overhead. In this paper, we propose Lemo, an efficient shellcode detection system. Our system is compatible with commodity hardware and operating systems, which enables deployment. To improve the performance of our system, we make use of multi-core technology. The experiments show that our system can detect shellcode efficiently.
Donghai TIAN
Beijing Institute of Technology, Chinese Academy of Sciences
Mo CHEN
Beijing Institute of Technology, Chinese Academy of Sciences
Changzhen HU
Beijing Institute of Technology, Chinese Academy of Sciences
Xuanya LI
Beijing Institute of Technology, Chinese Academy of Sciences
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Donghai TIAN, Mo CHEN, Changzhen HU, Xuanya LI, "Efficient Shellcode Detection on Commodity Hardware" in IEICE TRANSACTIONS on Information, vol. E96-D, no. 10, pp. 2272-2276, October 2013, doi: 10.1587/transinf.E96.D.2272.
URL: https://globals.ieice.org/en_transactions/information/10.1587/transinf.E96.D.2272/_p
@ARTICLE{e96-d_10_2272,
author={Donghai TIAN and Mo CHEN and Changzhen HU and Xuanya LI},
journal={IEICE TRANSACTIONS on Information},
title={Efficient Shellcode Detection on Commodity Hardware},
year={2013},
volume={E96-D},
number={10},
pages={2272-2276},
keywords={},
doi={10.1587/transinf.E96.D.2272},
ISSN={1745-1361},
month={October},}
TY - JOUR
TI - Efficient Shellcode Detection on Commodity Hardware
T2 - IEICE TRANSACTIONS on Information
SP - 2272
EP - 2276
AU - Donghai TIAN
AU - Mo CHEN
AU - Changzhen HU
AU - Xuanya LI
PY - 2013
DO - 10.1587/transinf.E96.D.2272
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E96-D
IS - 10
JA - IEICE TRANSACTIONS on Information
Y1 - October 2013
ER -