ICDCS
2008
IEEE

Analysis of Maximum Executable Length for Detecting Text-Based Malware

The possibility of using a pure text stream (keyboard-enterable characters) as a carrier of malware is under-researched and often underestimated. A text attack can happen at multiple levels, from code-injection attacks at the top level to host-compromising text-based machine code at the lowest level. Since a large number of protocols are text-based, servers built on those protocols sometimes use ASCII filters to allow text input only. However, simply applying ASCII filters to weed out binary data is not enough from a security viewpoint, since the assumption that malware is always binary is false. We show that although text is a subset of binary, binary malware detectors cannot always detect text malware. We analyze MEL (Maximum Executable Length)-based detection schemes and make two contributions through this analysis. First, although the concept of MEL has been used in various earlier detection schemes, we are the first to provide its underlying mathematical foundation. We show that the...
P. Kumar Manna, Sanjay Ranka, Shigang Chen
Added 30 May 2010
Updated 30 May 2010
Type Conference
Year 2008
Where ICDCS
Authors P. Kumar Manna, Sanjay Ranka, Shigang Chen