Hybrid engine for polymorphic shellcode detection


Abstract

Driven by the ongoing search for reliable anomaly-based intrusion detection mechanisms, we investigated several neural network (NN) based techniques. A further improvement was achieved by combining the best-suited NN-based data mining techniques with a mechanism we call "execution chain evaluation": disassembled instruction chains are processed by the NN in order to detect malicious code. The proposed detection engine was trained and tested in various ways, with examples taken from all publicly available polymorphic shellcode engines as well as from self-designed engines. A prototype implementation of our sensor has been realized and integrated as a plug-in into the SNORT™ [13] intrusion detection system. © Springer-Verlag Berlin Heidelberg 2005.

Citation (APA)

Payer, U., Teufl, P., & Lamberger, M. (2005). Hybrid engine for polymorphic shellcode detection. In Lecture Notes in Computer Science (Vol. 3548, pp. 19–31). Springer Verlag. https://doi.org/10.1007/11506881_2
