
CCS
2005
ACM

On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits

Vulnerabilities that allow worms to hijack the control flow of each host that they spread to are typically discovered months before the worm outbreak, but are also typically discovered by third party researchers. A determined attacker could discover vulnerabilities as easily and create zero-day worms for vulnerabilities unknown to network defenses. It is important for an analysis tool to be able to generalize from a new exploit observed and derive protection for the vulnerability. Many researchers have observed that certain predicates of the exploit vector must be present for the exploit to work and that therefore these predicates place a limit on the amount of polymorphism and metamorphism available to the attacker. We formalize this idea and subject it to quantitative analysis with a symbolic execution tool called DACODA. Using DACODA we provide an empirical analysis of 14 exploits (seven of them actual worms or attacks from the Internet, caught by Minos with no prior knowledge of ...
Added: 26 Jun 2010
Updated: 26 Jun 2010
Type: Conference
Year: 2005
Where: CCS
Authors: Jedidiah R. Crandall, Zhendong Su, Shyhtsun Felix Wu, Frederic T. Chong