• DocumentCode
    2653198
  • Title
    Function Call Mechanism Based Executable Code Detection for the Network Security
  • Author
    Kim, Daewon ; Choi, Yangseo ; Kim, Ikkyun ; Oh, Jintae ; Jang, Jongsoo
  • Author_Institution
    Inf. Security Res. Div., Electron. & Telecommun. Res. Inst. in Korea, Daejeon
  • fYear
    2008
  • fDate
    July 28 2008-Aug. 1 2008
  • Firstpage
    62
  • Lastpage
    67
  • Abstract
    The general method in which attackers obtain the control authority of the remote host is through the exploit code. Motivated by the viewpoint that the exploit code normally contains some executable codes, we propose a method of detecting the executable codes included in packets for the network security. Because some parts in the executable codes essentially include the function call related instruction patterns, we propose an approach detecting the instruction patterns following the function call mechanism. We have implemented a prototype and evaluated it against a variety of the executable and non-executable codes. The results show that the proposed method properly classifies the executable and non-executable codes.
  • Keywords
    authorisation; codes; telecommunication security; control authority; executable code detection; function call mechanism; instruction patterns; network security; nonexecutable codes; Cryptography; IP networks; Information security; Intrusion detection; Pattern matching; Probability; Programming profession; Prototypes; Telecommunication control; exploit; network; security; shellcode;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Applications and the Internet, 2008. SAINT 2008. International Symposium on
  • Conference_Location
    Turku
  • Print_ISBN
    978-0-7695-3297-4
  • Type
    conf
  • DOI
    10.1109/SAINT.2008.13
  • Filename
    4604544