Static Analysis on X86 Executables for Preventing Automatic Mimicry Attacks


Executive Summary

In 2005, Kruegel et al. proposed a variation of the traditional mimicry attack, which the authors refer to as automatic mimicry, that can defeat existing system-call-based HIDS models. The authors show how such an attack can be defeated by using information provided by the Inter-procedural Control Flow Graph (ICFG). Roughly speaking, by exploiting the ICFG of a protected binary, they propose a strategy based on static analysis techniques that is able to localize critical regions inside a program, which are segments of code that could be used to mount an automatic mimicry attack.

  • Format: PDF
  • Size: 419.09 KB