This paper presents DOME, a host-based technique for detecting several general classes of malicious code in software executables. DOME uses static analysis to identify the locations (virtual addresses) of system calls within the software executables, and then monitors the executables at runtime to verify that every observed system call is made from a location identified using static analysis. The power of this technique is that it is simple, practical, applicable to real-world software, and highly effective against injected, dynamically generated, and obfuscated malicious code.