In 2005, Kruegel et al. proposed a variation of the traditional mimicry attack, which we will refer to as automatic mimicry, that can defeat existing system call based HIDS models. We show how such an attack can be defeated by using information provided by the Interprocedural Control Flow Graph (ICFG). Roughly speaking, by exploiting the ICFG of a protected binary, we propose a strategy based on static analysis techniques that localizes critical regions inside a program, i.e. segments of code that could be used to mount an automatic mimicry attack. Once the critical regions have been recognized, their code is instrumented in such a way that, during the execution of such regions, the integrity of the dan...
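As an added illustration, not code from the paper above or from any of the works listed below, the following Python shows why a sequence-only HIDS is open to mimicry: a Forrest-style n-gram model of system calls is trained on constructed normal traces, a direct payload trace is flagged, and a breadth-first search over the model's accepted n-grams pads the attacker's required calls with model-accepted calls until the whole trace is accepted. The traces, system call names and the assumption that padding calls can be issued with harmless arguments are all constructions for this example.

```python
from collections import deque

# Constructed normal traces for a hypothetical server process (not real data).
NORMAL_TRACES = [
    ["open", "read", "write", "close", "open", "read", "write", "close"],
    ["open", "read", "read", "write", "close"],
    ["socket", "bind", "listen", "accept", "read", "write", "close",
     "accept", "read", "write", "close"],
    ["open", "read", "mmap", "close", "read", "write"],
]


def build_model(traces, n=3):
    """Forrest-style model: the set of all length-n windows seen in training."""
    grams = set()
    for trace in traces:
        for i in range(len(trace) - n + 1):
            grams.add(tuple(trace[i:i + n]))
    return grams


def unseen_grams(model, trace, n=3):
    """Windows of the observed trace that the model never saw."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)
            if tuple(trace[i:i + n]) not in model]


def is_anomalous(model, trace, n=3):
    return len(unseen_grams(model, trace, n)) > 0


def craft_mimicry(model, prefix, targets, n=3, max_pad=8):
    """Search for a trace that issues each call in `targets`, in order, after
    the already-observed `prefix`, such that every n-gram stays in the model.
    Inserted padding calls are ASSUMED to be issued with harmless arguments
    (e.g. a read on a bad fd), the classic no-op trick; only the sequence is
    modelled here.  Requires len(prefix) >= n-1.  Returns None if no padding
    of at most `max_pad` calls reaches a target."""
    syscalls = sorted({s for gram in model for s in gram})  # sorted: deterministic
    trace = list(prefix)
    for tgt in targets:
        start = tuple(trace[-(n - 1):])      # model state = last n-1 calls
        queue = deque([(start, [])])
        seen = {start}
        found = None
        while queue and found is None:
            state, path = queue.popleft()
            if len(path) > max_pad:
                continue
            for s in syscalls:
                gram = state + (s,)
                if gram not in model:
                    continue                 # this step would be flagged
                if s == tgt:
                    found = path + [s]       # reached the needed call
                    break
                nstate = gram[1:]
                if nstate not in seen:
                    seen.add(nstate)
                    queue.append((nstate, path + [s]))
        if found is None:
            return None
        trace.extend(found)
    return trace


# Attacker gains control after the server has issued this prefix (constructed).
PREFIX = ["socket", "bind", "listen", "accept", "read"]
PAYLOAD = ["open", "write"]          # calls the injected code actually needs


def demo():
    model = build_model(NORMAL_TRACES)
    direct = PREFIX + PAYLOAD + ["close"]
    mimic = craft_mimicry(model, PREFIX, PAYLOAD)
    return is_anomalous(model, direct), mimic, is_anomalous(model, mimic)


if __name__ == "__main__":
    flagged, mimic, mimic_flagged = demo()
    print("direct payload flagged:", flagged)
    print("mimicry trace:", mimic)
    print("mimicry flagged:", mimic_flagged)
```

The search only respects sequence; whether each padding call can really be made side-effect free at the point where the attacker sits is exactly the question that the program's control flow, rather than the system call stream, has to answer.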
Malicious code is an increasingly important problem that threatens the security of computer systems....
Beginning with the work of Forrest et al, several researchers have developed intrusion detection tec...
We investigate how system call-based detection mechanisms can be made more resistant against mimicry...
Intrusion detection systems that monitor sequences of system calls have recently become more sophist...
In this paper we propose a new strategy for dealing with the impossible path execution (IPE) and the...
This report addresses de-obfuscation on programs. The targeted obfuscation scheme is the control flo...
Control flow integrity (CFI) has been proposed as an approach to defend against control-hijacking me...
Abstract. A common way by which attackers gain control of hosts is through remote exploits. A new di...
Malicious code detection is a crucial component of any defense mechanism. In this paper, we present ...
Abstract. A mimicry attack is an exploit in which basic behavioral objectives of a minimalist ’core ...
Static program analysis computes information about a program without executing the program. This can...
Control Flow Analysis (CFA) has been proven successful for the analysis of cryptographic protocols. ...
System programming languages such as C and C++ are ubiquitously used for systems software such as br...
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Com...
We present an obfuscation strategy to protect a program against injection attacks. The strategy repr...