Analyzing Network Traffic To Detect Self-Decrypting Exploit Code

Name: Analyzing Network Traffic To Detect Self-Decrypting Exploit Code
Technology: NS2
Category: Networking
Description: Abstract. Remotely-launched software exploits are a common way for attackers to intrude into vulnerable computer systems. As detection techniques improve, remote exploitation techniques are also evolving. Recent techniques for evasion of exploit detection include polymorphism (code encryption) and metamorphism (code obfuscation). This paper addresses the problem of detecting in network traffic polymorphic remote exploits that are encrypted, and that self-decrypt before launching the intrusion. Such exploits pose a great challenge to existing malware detection techniques, partly due to the non-obvious starting location of the exploit code in the network payload.
IEEE Paper: Yes
IEEE Paper Year: 2013
