A Robust Behavior Modeling for Detecting Hard-Coded Address Contained Shellcodes

Date Added: Oct 2013
Format: PDF

Now-a-days, code injection is one of the most dangerous cyber attacks. Shellcode is a malicious code which is used in this type of attack. Processor emulation at network level is one of the best proposed methods against code injection attacks. Multiple run-time heuristics have been discussed in previous researches. However, none of them can detect those shellcodes in which hard-coded addresses are used. This type of shellcode cannot be used against ASLR-enabled Windows. Howbeit, older versions of Windows have still too many users. In addition, there are several hard-coded address contained shellcodes in public shellcode repositories which can be used easily by dummy hackers.