ACSAC
2008
IEEE

STILL: Exploit Code Detection via Static Taint and Initialization Analyses

We propose STILL, a generic defense based on Static Taint and InitiaLization anaLyses, to detect exploit code embedded in data streams/requests targeting various Internet services such as Web services. STILL first blindly disassembles each request, generates a (probably partial) control flow graph, and then uses novel static taint and initialization analysis algorithms to determine if strong evidence of self-modifying (including polymorphism) and/or indirect jump code obfuscation behavior can be collected. If such evidence exists, STILL will raise an alarm and block the request; otherwise, STILL will perform another form of static taint analysis to check whether unobfuscated or other types of obfuscated exploit code (e.g., metamorphism) is embedded in the request. To the best of our knowledge, compared with existing static analysis approaches developed for the same purpose, STILL is (a) the first one that can detect self-modifying code and indirect jump, and (b) a more comp...
Xinran Wang, Yoon-chan Jhi, Sencun Zhu, Peng Liu
Added 28 May 2010
Updated 28 May 2010
Type Conference
Year 2008
Where ACSAC
Authors Xinran Wang, Yoon-chan Jhi, Sencun Zhu, Peng Liu