Sciweavers

ICDCS
2008
IEEE

Analysis of Maximum Executable Length for Detecting Text-Based Malware

14 years 6 months ago
Analysis of Maximum Executable Length for Detecting Text-Based Malware
The possibility of using purely text stream (keyboardenterable) as carrier of malware is under-researched and often underestimated. A text attack can happen at multiple levels, from code-injection attacks at the top level to hostcompromising text-based machine code at the lowest level. Since a large number of protocols are text-based, at times the servers based on those protocols use ASCII filters to allow text input only. However, simply applying ASCII filters to weed out the binary data is not enough from the security viewpoint since the assumption that malware are always binary is false. We show that although text is a subset of binary, binary malware detectors cannot always detect text malware. We analyze the MEL (Maximum Executable Length)-based detection schemes, and make two contributions by this analysis. First, although the concept of MEL has been used in various detection schemes earlier, we are the first to provide its underlying mathematical foundation. We show that the...
P. Kumar Manna, Sanjay Ranka, Shigang Chen
Added 30 May 2010
Updated 30 May 2010
Type Conference
Year 2008
Where ICDCS
Authors P. Kumar Manna, Sanjay Ranka, Shigang Chen
Comments (0)