Title :
Malicious code detection by taint analysis
Author :
Zhigang, Zhang ; Fan, Guo
Author_Institution :
Coll. of Comput. Inf. Eng., Jiangxi Normal Univ., Nanchang, China
Abstract :
In general intrusion detection systems (IDS), the network filters that analyze and process malicious code capture and filter data packets in kernel mode, and can only filter general attacks. In this paper, static blot analysis is used and the concept of a seed stain is introduced; the data stream is passed into a binary package assembler to detect stain-infected packets and filter them out. The unconditional jump attacks that malicious code often uses to transfer control are effectively identified and filtered, thereby enhancing the efficiency and recognition rate of the network filter. The experiments show that static blot analysis and blot tracking methods effectively improve the class for two types of unconditional jump attack code and the three were infected with the structure of its program to other nodes in the recognition efficiency.
Keywords :
computer network security; program assemblers; program diagnostics; binary package assembler; blot tracking methods; data stream; intrusion detection systems; jump attack code; malicious code detection; network filters; static blot analysis; taint analysis; Decision support systems; Multimedia communication; network filter; self-modifying; static taint analysis; unconditional jump;
Conference_Title :
Multimedia Communications (Mediacom), 2010 International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-0-7695-4136-5
DOI :
10.1109/MEDIACOM.2010.56