Trace-based analysis of memory corruption malware attacks


Abstract

Understanding malware behavior is critical for cybersecurity. This is still largely done through expert manual analysis of the malware code/binary. In this work, we introduce a fully automated method for malware analysis that utilizes memory traces of program execution. Given both benign and malicious execution traces of a program, the method identifies memory segments specific to the malware attack, and then uses them to localize the attack in the source code. We evaluated our method on the RIPE benchmark for memory corruption malware attacks and demonstrated its ability to: (i) perform diagnosis by identifying the program location of both code corruption (e.g. buffer overflow location) and attack execution (e.g. control flow to payload), (ii) recognize the characteristics of different attacks.
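As an added illustration of the trace-differencing idea the abstract describes (this is not code from the paper), the Python below compares a constructed benign and a constructed malicious memory trace of the same program, isolates the write segments that appear only under attack, and maps the first instruction that touches them (the corruption site) and the first control transfer that leaves the code region (the payload execution site) to source lines through an assumed pc-to-source map. The trace format, addresses, code range and source map are all assumptions made for the example.

```python
from collections import namedtuple

# One trace event: instruction address, operation ("W" = memory write,
# "J" = control transfer) and the memory/target address involved.
# The trace format, addresses and source map below are all constructed.
Event = namedtuple("Event", "pc op addr")

SEG = 16                            # group addresses into 16-byte segments
CODE_RANGE = (0x401000, 0x402000)   # assumed .text range of the program

# Assumed pc -> source-line map, as a symbolizer such as addr2line would give.
SRC = {0x401000: "main.c:12", 0x401010: "main.c:15"}

# Benign run: the copy writes 16 bytes into buf, then the function returns.
BENIGN = [
    Event(0x401000, "W", 0x7ffc0100), Event(0x401000, "W", 0x7ffc0108),
    Event(0x401010, "J", 0x401200),
]
# Malicious run: the copy overruns buf into the saved frame pointer and
# return address, and the return then transfers control onto the stack.
MALICIOUS = [
    Event(0x401000, "W", 0x7ffc0100), Event(0x401000, "W", 0x7ffc0108),
    Event(0x401000, "W", 0x7ffc0110), Event(0x401000, "W", 0x7ffc0118),
    Event(0x401010, "J", 0x7ffc0100),
]

def written_segments(trace):
    return {e.addr // SEG * SEG for e in trace if e.op == "W"}

def attack_specific_segments(benign, malicious):
    # Segments written under attack but never in the benign run.
    return written_segments(malicious) - written_segments(benign)

def locate_corruption(benign, malicious):
    # First instruction that writes into an attack-specific segment.
    hot = attack_specific_segments(benign, malicious)
    for e in malicious:
        if e.op == "W" and e.addr // SEG * SEG in hot:
            return e.pc, SRC.get(e.pc, "<unknown>")
    return None

def locate_payload_execution(malicious, code_range=CODE_RANGE):
    # First control transfer whose target lies outside the program's code.
    lo, hi = code_range
    for e in malicious:
        if e.op == "J" and not lo <= e.addr < hi:
            return e.pc, SRC.get(e.pc, "<unknown>")
    return None

if __name__ == "__main__":
    print("corruption at", locate_corruption(BENIGN, MALICIOUS))
    print("payload jump at", locate_payload_execution(MALICIOUS))
```

On a real trace the same two steps apply unchanged; only the event parser and the symbolizer behind `SRC` need to be swapped for the tracer's format and the binary's debug information.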

Citation (APA)

Xu, Z., Gupta, A., & Malik, S. (2017). Trace-based analysis of memory corruption malware attacks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10629 LNCS, pp. 67–82). Springer Verlag. https://doi.org/10.1007/978-3-319-70389-3_5
