DocumentCode :
3498359
Title :
Anatomy of Exploit Code in Non-Executable Files using Virtualization
Author :
Choi, Younghan ; InSook Jan ; Oh, HyungGeun ; Lee, Dohoon
Author_Institution :
Electron. & Telecommun. Res. Inst.(ETRI), Daejeon
Volume :
2
fYear :
2008
fDate :
11-13 Nov. 2008
Firstpage :
574
Lastpage :
577
Abstract :
In this paper, we propose a methodology for detecting and analyzing the exploit code in nonexecutable files using virtualization. It is difficult to detect and analyze the exploit code in a non-executable file because the code and real data are mixed in the file. We trace the execution flow of the target software system while parsing the file, and start to analyze the exploit code when the execution flow strays outside of normal modules. The normal module region is the region that the target software system executes normally. By extracting the exploit code from the nonexecutable file, signatures for detecting the nonexecutable material, including the exploit code, can be generated.
Keywords :
data flow analysis; program compilers; virtual reality; code generation; execution flow; exploit code; file parsing; non-executable files; normal module region; target software system; virtualization; Anatomy; Computer architecture; Control systems; Information analysis; Information technology; Intrusion detection; Kernel; Load flow analysis; Registers; Software systems; Security Vulnerability;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Convergence and Hybrid Information Technology, 2008. ICCIT '08. Third International Conference on
Conference_Location :
Busan
Print_ISBN :
978-0-7695-3407-7
Type :
conf
DOI :
10.1109/ICCIT.2008.247
Filename :
4682304
Link To Document :