Protecting Web Services From Remote Exploit Code: A Static Analysis Approach

This paper proposes STILL, a real-time, out-of-the-box, signature-free, remote exploit binary code injection attack blocker to protect web servers. STILL is motivated by an important observation that the request messages to web servers are exclusively data and not binary executable code. Since remote exploits are typically binary executable code, this observation indicates that if one can precisely distinguish (service requesting) messages that contain binary code from those that do not contain any binary code, one can protect web servers as well as other Internet services (which accept data only) from binary code-injection attacks by blocking the messages that contain binary code.