• DocumentCode
    3498359
  • Title

    Anatomy of Exploit Code in Non-Executable Files using Virtualization

  • Author

    Choi, Younghan ; InSook Jan ; Oh, HyungGeun ; Lee, Dohoon

  • Author_Institution
    Electron. & Telecommun. Res. Inst.(ETRI), Daejeon
  • Volume
    2
  • fYear
    2008
  • fDate
    11-13 Nov. 2008
  • Firstpage
    574
  • Lastpage
    577
  • Abstract
    In this paper, we propose a methodology for detecting and analyzing the exploit code in non-executable files using virtualization. It is difficult to detect and analyze the exploit code in a non-executable file because the code and real data are mixed in the file. We trace the execution flow of the target software system while parsing the file, and start to analyze the exploit code when the execution flow strays outside of normal modules. The normal module region is the region that the target software system executes normally. By extracting the exploit code from the non-executable file, signatures for detecting the non-executable material, including the exploit code, can be generated.
  • Keywords
    data flow analysis; program compilers; virtual reality; code generation; execution flow; exploit code; file parsing; non-executable files; normal module region; target software system; virtualization; Anatomy; Computer architecture; Control systems; Information analysis; Information technology; Intrusion detection; Kernel; Load flow analysis; Registers; Software systems; Security Vulnerability;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Convergence and Hybrid Information Technology, 2008. ICCIT '08. Third International Conference on
  • Conference_Location
    Busan
  • Print_ISBN
    978-0-7695-3407-7
  • Type

    conf

  • DOI
    10.1109/ICCIT.2008.247
  • Filename
    4682304