DIMVA
2009

Yataglass: Network-Level Code Emulation for Analyzing Memory-Scanning Attacks

Remote code-injection attacks are one of the most frequently used attacking vectors in computer security. To detect and analyze injected code (often called shellcode), some researchers have proposed network-level code emulators. A network-level code emulator can detect shellcode accurately and help analysts to understand the behavior of shellcode. We demonstrated that memory-scanning attacks can evade current emulators, and propose Yataglass, an elaborated network-level code emulator, that enables us to analyze shellcode that incorporates memory-scanning attacks. According to our experimental results, Yataglass successfully emulated and analyzed real shellcode into which we had manually incorporated memory-scanning attacks.

Key words: Network-level code emulation, Code-injection attack, Memory-scanning attack, Intrusion detection, Intrusion analysis
Makoto Shimamura, Kenji Kono
Added 09 Nov 2010
Updated 09 Nov 2010
Type Conference
Year 2009
Where DIMVA
Authors Makoto Shimamura, Kenji Kono