Sciweavers

DIMVA
2009

Yataglass: Network-Level Code Emulation for Analyzing Memory-Scanning Attacks

14 years 1 months ago
Yataglass: Network-Level Code Emulation for Analyzing Memory-Scanning Attacks
Remote code-injection attacks are one of the most frequently used attacking vectors in computer security. To detect and analyze injected code (often called shellcode), some researchers have proposed networklevel code emulators. A network-level code emulator can detect shellcode accurately and help analysts to understand the behavior of shellcode. We demonstrated that memory-scanning attacks can evade current emulators, and propose Yataglass, an elaborated network-level code emulator, that enables us to analyze shellcode that incorporates memory-scanning attacks. According to our experimental results, Yataglass successfully emulated and analyzed real shellcode into which we had manually incorporated memory-scanning attacks. Key words: Network-level code emulation, Code-injection attack, Memoryscanning attack, Intrusion detection, Intrusion analysis
Makoto Shimamura, Kenji Kono
Added 09 Nov 2010
Updated 09 Nov 2010
Type Conference
Year 2009
Where DIMVA
Authors Makoto Shimamura, Kenji Kono
Comments (0)