Automated Forensic Techniques for Locating Zero-day Exploits
Author
Abstract
Acknowledgments
List of tables
List of figures
Chapter 1: Overview
  1.1 Problem Statement
  1.2 Hypothesis
  1.3 Threat Model
  1.4 Approach
  1.5 Contributions
  1.6 Analysis and Metrics
  1.7 Thesis Organization
Chapter 2: Related Research in Virtualized Forensic Acquisition
  2.1 Primer on Virtualization
  2.2 Combating and Analyzing Malicious Code with Virtualization
  2.3 Hardware-based Techniques
  2.4 Virtual Memory Introspection
    2.4.1 Introspection Toolkits
Similar resources
Semantics-Preserving Dissection of JavaScript Exploits via Dynamic JS-Binary Analysis
JavaScript exploits impose a severe threat to computer security. Once a zero-day exploit is captured, it is critical to quickly pinpoint the JavaScript statements that uniquely characterize the exploit and the payload location in the exploit. However, the current diagnosis techniques are inadequate because they approach the problem either from a JavaScript perspective and fail to account for “i...
First International Workshop on Automated Forensic Handwriting
PREFACE Handwriting has been considered representative of human behavior and characteristics for centuries. With the evolution of modern computing technologies, researchers have moved towards the automated analysis of handwriting. The shift towards automated analysis of handwriting has even been fortified by the interest various industries have in this field. One of the most important applications ...
N-Version Programming for the Detection of Zero-day Exploits
Using N-Version programming techniques to increase software reliability is a well-explored field. In this paper, we extend the concept to the detection of new security vulnerabilities. Using our own N-Version arbiter, Judicare, we implement a simple auction web application, and demonstrate how our application is robust to the most common Web vulnerabilities as documented by OWASP. Finally, we d...
Pypette: A Framework for the Automated Evaluation of Live Digital Forensic Techniques
With the increasing scale of digital forensic investigations, there is a need for approaches that are capable of reducing the quantities of data forensic examiners are required to search. Meanwhile, as anti-forensic and encryption techniques evolve, there is an increasing need to capture relevant information from a machine before powering it off. Numerous approaches to live forensic evidence ac...
AUTOMATED SIZING OF TRUSS STRUCTURES USING A COMPUTATIONALLY IMPROVED SOPT ALGORITHM
The present study attempts to apply an efficient yet simple optimization (SOPT) algorithm to optimum design of truss structures under stress and displacement constraints. The computational efficiency of the technique is improved through avoiding unnecessary analyses during the course of optimization using the so-called upper bound strategy (UBS). The efficiency of the UBS integrated SOPT algori...