Detection of Intrusions and Malware, and Vulnerability Assessment: 5th International Conference, DIMVA 2008, Paris, France, July 10-11, 2008, Proceedings (Lecture Notes in Computer Science, 5137) 3540705414, 9783540705413

This book constitutes the refereed proceedings of the 5th International Conference on Detection of Intrusions and Malwar


English Pages 289 [288] Year 2008



Table of contents:
Title Page
Preface
Organization
Table of Contents
Data Space Randomization
Introduction
Paper Organization
Transformation Overview
Pointer Analysis
Mask Assignment
Implementation
Handling Overflows within Structures
Handling Variable Argument Functions
Transformation of Libraries
Evaluation
Functionality
Runtime Overheads
Analysis of Effectiveness Against Different Attacks
Related Work
Conclusion
References
XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks
Introduction
Challenges in Preventing XSS Attacks
Some XSS Attack Scenarios
Our Approach
A Generic Mechanism for Identifying Script Content
Shadow Pages: Computing Web Application Intent
Distinguishing XSS Attack Instances from Authorized Scripts
Experimental Evaluation
Effectiveness Evaluation
A Comprehensive Evaluation of Resilience
Performance
Verifying Safe-Passage of Benign HTML Tags in Untrusted Contents
Discussion
Related Work
Vulnerability Analysis Based Approaches
Attack Prevention Approaches
Conclusion
References
VeriKey: A Dynamic Certificate Verification System for Public Key Exchanges
Introduction
Related Work
SSL Man-in-the-Middle Attack Overview
System Architecture
Design Considerations
Certificate Verification Components
System Deployment
Certificate Integrity and Verification
Verification Server Selection
Evaluation
Experimental Setup
Verification Process Overhead
Man-in-the-Middle Attack Prevention
System Limitations
Security and Performance Optimizations
Conclusion
References
Dynamic Binary Instrumentation-Based Framework for Malware Defense
Introduction
Overview
Details of the Proposed Approach
Design and Implementation of the Testing Environment
Design and Implementation of the Real Environment
Evaluation
Virus Detection Results
Execution Time Overheads
Conclusion
References
Embedded Malware Detection Using Markov n-Grams
Introduction
Attack Scenarios
Related Work
Data
Benign Dataset
Malware Dataset
Infected Dataset
Pilot Experimental Studies
Whole File n-Grams for Embedded Malware Detection
Block-Wise n-Grams for Embedded Malware’s Location Identification
Discussion
Modeling and Quantification of n-Gram Information
Correlation in File Data
A Statistical Model of Benign Byte Sequences
Classification Using Entropy Rate Thresholding
Classification Results
Limitations of the Markov n-Gram Detector
Conclusions
References
Learning and Classification of Malware Behavior
Introduction
Related Work
Methodology
Malware Corpus for Learning
Monitoring Malware Behavior
Feature Extraction and Embedding
Learning and Classification
Explanation of Classification
Experiments
Classification of Malware Behavior
Prediction of Malware Families
Identification of Unknown Behavior
Explaining Malware Behavior Classification
Limitations
Conclusions
References
On Race Vulnerabilities in Web Applications
Introduction
Race Conditions in Web Applications
Case Studies
Detecting Race Conditions in LAMP-Like Web Applications
SQL-Query Logger
Off-Line Analyzer: Basic Approach
Off-Line Analyzer: Further Heuristics
Implementation
Discussion
Evaluation
Countermeasures
Related Work
Conclusions
References
On the Limits of Information Flow Techniques for Malware Analysis and Containment
Introduction
Stand-Alone Untrusted Applications
Evasion Using Control Dependence and Implicit Flows
Difficulty of Mitigating Evasion Attacks
Implications
Analyzing Runtime Behavior of Shared-Memory Extensions
Attacks Using Arbitrary Memory Corruption
Attacking Mechanisms Used to Determine Execution Context
Attacking Meta-data Integrity
Analyzing Future Behavior of Malware
Evasion Using Memory Errors
Implications
Related Work
Conclusion
References
Expanding Malware Defense by Securing Software Installations
Introduction
Threat Model and Defense Overview
Install-Time Threats
Uninstall-Time Threats
Approach Overview
Initial Installation Phase
Policy Checking Phase
Commit/Abort Phase
Secure Execution of Installed Software
Secure Uninstallation Phase
Installation Policies
Policy Framework
Policy for Installing Untrusted Packages
Policy for Uninstallation of Untrusted Packages
Installation Policy for Benign Packages
Evaluation
Evaluation of Functionality
Performance Evaluation
Related Work
Conclusion
References
FluXOR: Detecting and Monitoring Fast-Flux Service Networks
Introduction
Problem Description and Solution Overview
Characterising Fast-Flux Service Networks
Features Characterising the Domain Name
Features Characterising the Degree of Availability of the Network
Features Characterising the Heterogeneity of the Agents
Combining the Features for Detection
Architecture and Implementation of the System
Collector
Monitor
Detector
Experimental Results
Detection Accuracy
Empirical Analysis of the Fast-Flux Service Networks Phenomenon
Related Work
Conclusion
References
Traffic Aggregation for Malware Detection
Introduction
Related Work
Defining Aggregates
Destination Aggregates
Payload Aggregates
Platform Aggregates
Example Configuration
Evaluation
Data Collection
Detecting Malware
Unknown Aggregates
Discussion and Ongoing Work
Conclusion
References
The Contact Surface: A Technique for Exploring Internet Scale Emergent Behaviors
Introduction
Observed Phenomenon
The 2003 Disturbance
The 2004 Disturbance
Hypotheses
Analysis and Simulation
The Minor Spike
Full Subnet Scanning on a /22
Related Work
Conclusions and Acknowledgments
References
The Quest for Multi-headed Worms
Introduction
Problem Statement
The Leurré.com Environment
Seminal Work on the Identification of Multi-headed Worms
Complexity Analysis
Methodology
Construction of Filtered Platform Time Series
Groups of Correlated Filtered Platform Time Series
Root Cause Analysis and Hidden Correlations
Results
Overview
Root Causes Analysis
Conclusion
References
A Tool for Offline and Live Testing of Evasion Resilience in Network Intrusion Detection Systems
Introduction
Requirements
Framework Architecture
Overview
Test Case Generation
Offline Evasion Testing
Live Evasion Testing
Initial Experimental Results
Test Cases
NIDS Configurations
Findings
Related Work
Discussion and Future Work
Summary
References
Author Index
