| IEICE Technical Committee Submission System Conference Paper's Information |
Online Proceedings [Sign in] Tech. Rep. Archives |
| Go Top Page | Go Previous | [Japanese] / [English] |
| Paper Abstract and Keywords | ||
| Presentation | 2010-11-05 16:25 A Shellcode Analysis Method using CPU emulator and Dynamic Binary Instrumentation Chiaki Jimbo, Katsunari Yoshioka, Junji Shikata, Tsutomu Matsumoto (Yokohama National Univ.), Masashi Eto, Daisuke Inoue, Koji Nakao (NICT)  ICSS2010-54 |
|
| Abstract | (in Japanese) | (See Japanese page) |
| (in English) | The epidemic of Conficker shows that remote exploit attack is still one of the most serious threats on the computer systems. Detecting the presence of these attacks in network traffic has been a major focus of the security community. Detecting remote exploit attacks, however, is not always sufficient to mitigate the threat, and it is also important to understand what these attacks do to the target systems. In this paper, we propose a shellcode analysis method, which utilizes CPU emulator for detecting shellcodes, and analyzes them in detail by tracing its execution on real Windows OS using Dynamic Binary Instrumentation. In the method, we automatically analyze and classify shellcodes according to their characteristic components such as NOP sled, decoder, and content of payload including API calls. | |
| Keyword | (in Japanese) | (See Japanese page) |
| (in English) | Remote exploit attacks / Shellcode / Analysis and Classification / CPU emulation / Dynamic Binary Instrumentation / / / | |
| Reference Info. | IEICE Tech. Rep., vol. 110, no. 266, ICSS2010-54, pp. 59-64, Nov. 2010. | |
| Paper # | ICSS2010-54 | |
| Date of Issue | 2010-10-29 (ICSS) | |
| ISSN | Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 | |
| Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) | |
| Download PDF | ICSS2010-54 |
|
| Conference Information | |
| Committee | ICSS |
| Conference Date | 2010-11-05 - 2010-11-05 |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Hiroshima City University |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | General |
| Paper Information | |
| Registration To | ICSS |
| Conference Code | 2010-11-ICSS |
| Language | Japanese |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A Shellcode Analysis Method using CPU emulator and Dynamic Binary Instrumentation |
| Sub Title (in English) | |
| Keyword(1) | Remote exploit attacks |
| Keyword(2) | Shellcode |
| Keyword(3) | Analysis and Classification |
| Keyword(4) | CPU emulation |
| Keyword(5) | Dynamic Binary Instrumentation |
| Keyword(6) | |
| Keyword(7) | |
| Keyword(8) | |
| 1st Author's Name | Chiaki Jimbo |
| 1st Author's Affiliation | Yokohama National University (Yokohama National Univ.) |
| 2nd Author's Name | Katsunari Yoshioka |
| 2nd Author's Affiliation | Yokohama National University (Yokohama National Univ.) |
| 3rd Author's Name | Junji Shikata |
| 3rd Author's Affiliation | Yokohama National University (Yokohama National Univ.) |
| 4th Author's Name | Tsutomu Matsumoto |
| 4th Author's Affiliation | Yokohama National University (Yokohama National Univ.) |
| 5th Author's Name | Masashi Eto |
| 5th Author's Affiliation | National Institute of Information and Communications Technology (NICT) |
| 6th Author's Name | Daisuke Inoue |
| 6th Author's Affiliation | National Institute of Information and Communications Technology (NICT) |
| 7th Author's Name | Koji Nakao |
| 7th Author's Affiliation | National Institute of Information and Communications Technology (NICT) |
| 8th Author's Name | |
| 8th Author's Affiliation | () |
| 9th Author's Name | |
| 9th Author's Affiliation | () |
| 10th Author's Name | |
| 10th Author's Affiliation | () |
| 11th Author's Name | |
| 11th Author's Affiliation | () |
| 12th Author's Name | |
| 12th Author's Affiliation | () |
| 13th Author's Name | |
| 13th Author's Affiliation | () |
| 14th Author's Name | |
| 14th Author's Affiliation | () |
| 15th Author's Name | |
| 15th Author's Affiliation | () |
| 16th Author's Name | |
| 16th Author's Affiliation | () |
| 17th Author's Name | |
| 17th Author's Affiliation | () |
| 18th Author's Name | |
| 18th Author's Affiliation | () |
| Speaker | Author-1 |
| Date Time | 2010-11-05 16:25:00 |
| Presentation Time | 25 minutes |
| Registration for | ICSS |
| Paper # | ICSS2010-54 |
| Volume (vol) | vol.110 |
| Number (no) | no.266 |
| Page | pp.59-64 |
| #Pages | 6 |
| Date of Issue | 2010-10-29 (ICSS) |
[Return to Top Page]