| 典型Shellcode引擎特征检测方法研究 |
| |
| 引用本文: | 张登银,洪福鑫.典型Shellcode引擎特征检测方法研究[J].微机发展,2010(1):18-21. |
| |
| 作者姓名: | 张登银 洪福鑫 |
| |
| 作者单位: | 南京邮电大学计算机学院; |
| |
| 基金项目: | 国家863计划项目(2007AA701302,2008AA701202) |
| |
| 摘 要: | 通用的shellcode引擎大都采用特定运算对shellcode进行编码,使得shellcode具有规避传统的代码特征检测系统的能力。为了检测具有规避传统检测能力的shellcode,深入分析目前典型shellcode引擎的工作原理,在此基础上研究引擎产生shellcode的代码特征和行为特征,进而提出了基于这两类特征的针对性综合检测方法。实验结果表明,这种综合检测方法可以针对性地、有效地检测并阻止这类shellcode的执行,同时对其它shellcode也能实现一定程度上的检测,而且虚警和漏警率为0。该检测系统对恶意代码的检测具有一定的应用价值。
|
| 关 键 词: | Shellcode引擎 指令 特征检测 |
Research on Character Detection for Typical Shellcode Engine |
| |
| ZHANG Deng-yin,HONG Fu-xin.Research on Character Detection for Typical Shellcode Engine[J].Microcomputer Development,2010(1):18-21. |
| |
| Authors: | ZHANG Deng-yin HONG Fu-xin |
| |
| Affiliation: | ZHANG Deng-yin,HONG Fu-xin(College of Computer,Nanjing University of Posts , Telecommunications,Nanjing 210003,China) |
| |
| Abstract: | Shellcode engine usually adopts certain operations which enables shellcode to evade the detection based on data types.In order to detect these shellcode,in this paper,the principle of typical shellcode engine at present is in-depth analyzed.Then the data types and characters of shellcode action are researched.Furthermore,the detecting method aimed at these two kinds of shellcode characters is proposed.The experiment result shows that this approaches is effective and pointed to detect shellcode and prevent i... |
| |
| Keywords: | shellcode engine opcode character detection |
| 本文献已被 CNKI 维普 等数据库收录! |
|
