Function Call Mechanism Based Executable Code Detection for the Network Security

Daewon Kim; Jintae Oh; Jongsoo Jang; Yangseo Choi; Ikkyun Kim

doi:10.1109/SAINT.2008.13

S
SAINT
2008
2008 International Symposium on Applications and the Internet
Abstract - Function Call Mechanism Based Executable Code Detection for the Network Security

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Daewon Kim Articles by Yangseo Choi Articles by Ikkyun Kim Articles by Jintae Oh Articles by Jongsoo Jang

2008 International Symposium on Applications and the Internet

Function Call Mechanism Based Executable Code Detection for the Network Security

July 28-August 01

ISBN: 978-0-7695-3297-4

	ASCII Text	x
	Daewon Kim, Yangseo Choi, Ikkyun Kim, Jintae Oh, Jongsoo Jang, "Function Call Mechanism Based Executable Code Detection for the Network Security," 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, pp. 62-67, 2008 International Symposium on Applications and the Internet, 2008.

	BibTex	x
	@article{ 10.1109/SAINT.2008.13, author = {Daewon Kim and Yangseo Choi and Ikkyun Kim and Jintae Oh and Jongsoo Jang}, title = {Function Call Mechanism Based Executable Code Detection for the Network Security}, journal ={2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet}, volume = {0}, year = {2008}, isbn = {978-0-7695-3297-4}, pages = {62-67}, doi = {http://doi.ieeecomputersociety.org/10.1109/SAINT.2008.13}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet TI - Function Call Mechanism Based Executable Code Detection for the Network Security SN - 978-0-7695-3297-4 SP62 EP67 A1 - Daewon Kim, A1 - Yangseo Choi, A1 - Ikkyun Kim, A1 - Jintae Oh, A1 - Jongsoo Jang, PY - 2008 KW - network KW - security KW - shellcode KW - exploit VL - 0 JA - 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet ER -

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SAINT.2008.13

The general method in which attackers obtain the control authority of the remote host is through the exploit code. Motivated by the viewpoint that the exploit code normally contains some executable codes, we propose a method of detecting the executable codes included in packets for the network security. Because some parts in the executable codes essentially include the function call related instruction patterns, we propose an approach detecting the instruction patterns following the function call mechanism. We have implemented a prototype and evaluated it against a variety of the executable and non-executable codes. The results show that the proposed method properly classifies the executable and non-executable codes.

Index Terms:

network, security, shellcode, exploit

Citation:

Daewon Kim, Yangseo Choi, Ikkyun Kim, Jintae Oh, Jongsoo Jang, "Function Call Mechanism Based Executable Code Detection for the Network Security," saint, pp.62-67, 2008 International Symposium on Applications and the Internet, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.