Sciweavers

RAID
2015
Springer

Counteracting Data-Only Malware with Code Pointer Examination

8 years 8 months ago
Counteracting Data-Only Malware with Code Pointer Examination
As new code-based defense technologies emerge, attackers move to data-only malware, which is capable of infecting a system without introducing any new code. To manipulate the control ow without code, data-only malware inserts a control data structure into the system, for example in the form of a ROP chain, which enables it to combine existing instructions into a new malicious program. Current systems try to hinder data-only malware by detecting the point in time when the malware starts executing. However, it has been shown that these approaches are not only performance consuming, but can also be subverted. In this work, we introduce a new approach, Code Pointer Examination (CPE), which aims to detect data-only malware by identifying and classifying code pointers. Instead of targeting control ow changes, our approach targets the control structure of data-only malware, which mainly consists of pointers to the instruction sequences that the malware reuses. Since the control structure is...
Thomas Kittel, Sebastian Vogl, Julian Kirsch, Clau
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where RAID
Authors Thomas Kittel, Sebastian Vogl, Julian Kirsch, Claudia Eckert
Comments (0)