Approximation algorithms for NP-hard problems
Approximation algorithms for NP-hard problems
IEEE Security and Privacy
Shield: vulnerability-driven network filters for preventing known vulnerability exploits
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
The Art of Computer Virus Research and Defense
The Art of Computer Virus Research and Defense
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits
Proceedings of the 12th ACM conference on Computer and communications security
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Polymorphic worm detection using structural information of executables
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Yataglass: Network-Level Code Emulation for Analyzing Memory-Scanning Attacks
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
An empirical study of malware evolution
COMSNETS'09 Proceedings of the First international conference on COMmunication Systems And NETworks
Emulation-based detection of non-self-contained polymorphic shellcode
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Automated classification and analysis of internet malware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
An empirical study of real-world polymorphic code injection attacks
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Comprehensive shellcode detection using runtime heuristics
Proceedings of the 26th Annual Computer Security Applications Conference
Towards automatic software lineage inference
SEC'13 Proceedings of the 22nd USENIX conference on Security
| Hi-index | 0.00 |
Remote code injection exploits inflict a significant societal cost, and an active underground economy has grown up around these continually evolving attacks. We present a methodology for inferring the phylogeny, or evolutionary tree, of such exploits. We have applied this methodology to traffic captured at several vantage points, and we demonstrate that our methodology is robust to the observed polymorphism. Our techniques revealed non-trivial code sharing among different exploit families, and the resulting phylogenies accurately captured the subtle variations among exploits within each family. Thus, we believe our methodology and results are a helpful step to better understanding the evolution of remote code injection exploits on the Internet.