Detecting Privilege-Escalating Executable Exploits

Authors

  • Jesse C. Rabek
  • Robert K. Cunningham
  • Roger I. Khazan

Abstract

The Lincoln Laboratory Malicious Code Detector (LIMACODE) is a system for statically detecting privilege-escalating exploits in data streams, such as files and network traffic. LIMACODE operates as follows: it scans data streams, identifies the language of the stream, then extracts language-specific features for input to a feed-forward neural network classifier which labels the stream as either malicious or benign. LIMACODE is designed to be a relatively lightweight system that can classify a large number of streams quickly so as to be deployed at sites where new data streams (e.g., software) appear frequently. This paper describes a part of LIMACODE that detects privilege-escalating exploits embedded in UNIX Executable and Linking Format (ELF) files; the detectors for C and shell code exploits were described earlier elsewhere.

Similar resources

Automatic Generation of Data-Oriented Exploits

As defense solutions against control-flow hijacking attacks gain wide deployment, control-oriented exploits from memory errors become difficult. As an alternative, attacks targeting non-control data do not require diverting the application’s control flow during an attack. Although it is known that such data-oriented attacks can mount significant damage, no systematic methods to automatically co...

A Methodology for Detecting New Binary Rootkit Exploits

Hackers who gain root privilege on a computer system usually want to maintain this level of privilege for future exploits. They do not want to have to go through the steps to regain this level of privilege because of the effort involved and the increased risk of being discovered as well as the possibility that the original exploit used to gain root access gets patched. A hacker who gains access...

A New Vulnerability Taxonomy Based on Privilege Escalation

Computer security vulnerabilities badly compromise the system security. To profoundly understand the causes of known vulnerabilities and prevent them, this paper develops a new taxonomic character, and then integrates a privilege-escalating based vulnerability taxonomy with multidimensional quantitative attribute. This taxonomy greatly contributes to further researches of security risk assessme...

A Scheme of PE Virus Detection Using Fragile Software Watermarking Technique

It is a difficult issue in the anti-virus field about how to detect unknown and packed PE (Portable Executable) viruses effectively, and existing schemes for anti-virus detection are dissatisfactory. Based on an analysis of the logical structures of Windows PE file and PE virus, a new method of PE virus detection is presented here, which exploits fragile software watermarking technique for viru...

Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks

Policy-based confinement, employed in SELinux and specification-based intrusion detection systems, is a popular approach for defending against exploitation of vulnerabilities in benign software. Conventional access control policies employed in these approaches are effective in detecting privilege escalation attacks. However, they are unable to detect attacks that “hijack” legitimate access priv...

Publication date: 2003