An Empirical Study of Real-world Polymorphic Code Injection Attacks
نویسندگان
چکیده
Remote code injection attacks against network services remain one of the most effective and widely used exploitation methods for malware propagation. In this paper, we present a study of more than 1.2 million polymorphic code injection attacks targeting production systems, captured using network-level emulation. We focus on the analysis of the structure and operation of the attack code, as well as the overall attack activity in relation to the targeted services. The observed attacks employ a highly diverse set of exploits, often against less widely used vulnerable services, while our results indicate limited use of sophisticated obfuscation schemes and extensive code reuse among different malware families.
منابع مشابه
Dwarf Frankenstein is still in your memory: tiny code reuse attacks
Code reuse attacks such as return oriented programming and jump oriented programming are the most popular exploitation methods among attackers. A large number of practical and non-practical defenses are proposed that differ in their overhead, the source code requirement, detection rate and implementation dependencies. However, a usual aspect among these methods is consideration of the common be...
متن کاملSide channel parameter characteristics of code injection attacks
Embedded systems are suggestive targets for code injection attacks in the recent years. Software protection mechanisms, and in general computers, are not usually applicable in embedded systems since they have limited resources like memory and process power. In this paper we investigate side channel characteristics of embedded systems and their applicability in code injection attack detection. T...
متن کاملAggrandizing the beast's limbs: patulous code reuse attack on ARM architecture
Since smartphones are usually personal devices full of private information, they are a popular target for a vast variety of real-world attacks such as Code Reuse Attack (CRA). CRAs enable attackers to execute any arbitrary algorithm on a device without injecting an executable code. Since the standard platform for mobile devices is ARM architecture, we concentrate on available ARM-based CRAs. Cu...
متن کاملReal-world Detection of Polymorphic Attacks
As state-of-the-art attack detection technology becomes more prevalent, attackers have started to employ evasion techniques such as code obfuscation and polymorphism to defeat existing defenses. We have recently proposed network-level emulation, a heuristic detection method that scans network traffic to detect polymorphic attacks. Our approach uses a CPU emulator to dynamically analyze every po...
متن کاملReal-world Polymorphic Attack Detection
As state-of-the-art attack detection technology becomes more prevalent, attackers have started to employ evasion techniques such as code obfuscation and polymorphism to defeat existing defenses. We have recently proposed network-level emulation, a heuristic detection method that scans network traffic to detect polymorphic attacks. Our approach uses a CPU emulator to dynamically analyze every po...
متن کامل