Specification and evaluation of polymorphic shellcode properties using a new temporal logic

Abstract : It is well known that polymorphism is one of the greatest finds of malicious code authors. When it is applied in the context of buffer overflow attacks, the detection of such code becomes very difficult. In view of this problem, which constitutes a real challenge for the whole international community, we propose in this paper a new formal language (based on temporal logics such as CTL) that makes it possible to specify polymorphic codes, to detect them and to better understand their nature. The efficiency and the expressiveness of this language are shown via the specification of a variety of properties characterizing polymorphic shellcodes. Finally, to make the verification process automatic, this language is supported by a new IDS (Intrusion Detection System) that is also presented in this paper.
Document type : Journal articles

https://hal-supelec.archives-ouvertes.fr/hal-00441418
Contributor : Myriam Andrieux
Submitted on : Wednesday, December 16, 2009 - 9:01:35 AM
Last modification on : Tuesday, June 5, 2018 - 3:54:02 PM

Citation

Mehdi Talbi, Mohammed Mejri, Adel Bouhoula. Specification and evaluation of polymorphic shellcode properties using a new temporal logic. Journal in Computer Virology, Springer Verlag, 2009, Vol.5 (3), pp. 171-186. ⟨10.1007/s11416-008-0089-x⟩. ⟨hal-00441418⟩
