Filters








100 Hits in 6.0 sec

Can We Generate Shellcodes via Natural Language? An Empirical Study [article]

Pietro Liguori, Erfan Al-Hossami, Domenico Cotroneo, Roberto Natella, Bojan Cukic, Samira Shaikh
2022 arXiv   pre-print
We then present an empirical study using a novel dataset (Shellcode_IA32), which consists of 3,200 assembly code snippets of real Linux/x86 shellcodes from public databases, annotated using natural language  ...  The empirical analysis shows that NMT can generate assembly code snippets from the natural language with high accuracy and that in many cases can generate entire shellcodes with no errors.  ...  To prove the feasibility of the approach, the authors performed an empirical study on five open source projects, showing that Ratchet can generate syntactically valid statements with high accuracy.  ... 
arXiv:2202.03755v1 fatcat:34g6mtgqwvh4vkm5mrzqsjt5si

An Empirical Study of Developers' Discussions about Security Challenges of Different Programming Languages [article]

Roland Croft, Yongzheng Xie, Mansooreh Zahedi, M. Ali Babar, Christoph Treude
2021
We have performed a large-scale study of the security challenges of 15 programming languages by quantitatively and qualitatively analysing the developers' discussions from Stack Overflow and GitHub.  ...  This study highlights the importance of the choice of technology, e.g., programming language, in secure software engineering.  ...  However, this assertion can be correct for several other similar empirical studies.  ... 
doi:10.48550/arxiv.2107.13723 fatcat:qkgh4mcisva2ba4wygnlvshb74

Unsupervised Anomaly-Based Malware Detection Using Hardware Features [chapter]

Adrian Tang, Simha Sethumadhavan, Salvatore J. Stolfo
2014 Lecture Notes in Computer Science  
In this work, we advance the use of hardware supported lower-level features to detecting malware exploitation in an anomaly-based detector.  ...  As we show empirically, the microarchitectural characteristics of benign programs are noisy, and the deviations exhibited by malware exploits are minute.  ...  We thank anonymous reviewers for feedback on this work. This work is supported by grants FA 865011C7190, FA 87501020253, CCF/SaTC 1054844 and a fellowship from the Alfred P. Sloan Foundation.  ... 
doi:10.1007/978-3-319-11379-1_6 fatcat:67z7oo2r5rge7b63tvkmdfmnym

On the infeasibility of modeling polymorphic shellcode

Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, Salvatore J. Stolfo
2009 Machine Learning  
Current trends demonstrate an increasing use of polymorphism by attackers to disguise their exploits.  ...  In this paper, we present a quantitative analysis of the strengths and limitations of shellcode polymorphism, and describe the impact that these techniques have in the context of learning-based IDS systems  ...  As an illustration of the difficulty of creating vulnerability signatures, Crandall et al. (2005a) discuss generating high quality vulnerability signatures via an empirical study of the behavior of polymorphic  ... 
doi:10.1007/s10994-009-5143-5 fatcat:276btutmgbcjndwmka5gtyyzxi

On the infeasibility of modeling polymorphic shellcode

Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, Salvatore J. Stolfo
2007 Proceedings of the 14th ACM conference on Computer and communications security - CCS '07  
Current trends demonstrate an increasing use of polymorphism by attackers to disguise their exploits.  ...  In this paper, we present a quantitative analysis of the strengths and limitations of shellcode polymorphism, and describe the impact that these techniques have in the context of learning-based IDS systems  ...  As an illustration of the difficulty of creating vulnerability signatures, Crandall et al. (2005a) discuss generating high quality vulnerability signatures via an empirical study of the behavior of polymorphic  ... 
doi:10.1145/1315245.1315312 dblp:conf/ccs/SongLSKS07 fatcat:ebnrlydq6ncttbajrrz3icuroe

Known/Chosen Key Attacks against Software Instruction Set Randomization

Yoav Weiss, Elena Barrantes
2006 Proceedings of the Computer Security Applications Conference  
In order to enable the design of a production version, we describe implementation-specific and generic vulnerabilities that can be used to overcome RISE in its current form.  ...  weaknesses to allow the attacker to define its own key,or otherwise affect key generation; and key-guessing ("bruteforce") attacks, about which we explore the design of minimalistic loaders which can  ...  First, we need to cause RISE to generate a mask for a writable page, then, after stealing the mask, we need to inject the (masked) shellcode into the target page.  ... 
doi:10.1109/acsac.2006.33 dblp:conf/acsac/WeissB06 fatcat:6c4z43hpcngxrisz2nrc74remq

Down to the bare metal

Carsten Willems, Ralf Hund, Andreas Fobian, Dennis Felsch, Thorsten Holz, Amit Vasudevan
2012 Proceedings of the 28th Annual Computer Security Applications Conference on - ACSAC '12  
In this paper, we focus on two aspects. As a first contribution, we introduce several novel mechanisms by which an attacker can delude an emulator.  ...  Motivated by these findings, we introduce a novel approach to generate execution traces. We propose to utilize the processor itself to generate such traces.  ...  Due to this fact, we were not able to test all of them in an empirical evaluation.  ... 
doi:10.1145/2420950.2420980 dblp:conf/acsac/WillemsHFFHV12 fatcat:jrmfh4rionf6tohxqzoqgimk6y

SigFree: A Signature-Free Buffer Overflow Attack Blocker

Xinran Wang, Chi-Chun Pan, Peng Liu, Sencun Zhu
2010 IEEE Transactions on Dependable and Secure Computing  
We propose SigFree, an online signature-free out-of-the-box application-layer method for blocking code-injection buffer overflow attack messages targeting at various Internet services such as web service  ...  We implemented and tested SigFree; our experimental study shows that the dependency-degree-based SigFree could block all types of code-injection attack packets (above 750) tested in our experiments with  ...  We will study this portability issue in our future work. Finally, as a generic technique, SigFree can also block other types of attacks as long as the attacks perform binary code injection.  ... 
doi:10.1109/tdsc.2008.30 fatcat:eppgfbapjjcfrapemva6i3dzne

The Nepenthes Platform: An Efficient Approach to Collect Malware [chapter]

Paul Baecher, Markus Koetter, Thorsten Holz, Maximillian Dornseif, Felix Freiling
2006 Lecture Notes in Computer Science  
Using the nepenthes platform we and several other organizations were able to greatly broaden the empirical basis of data available about self-replicating malware and provide thousands of samples of previously  ...  This leads to an efficient and effective solution that offers many advantages compared to other honeypot-based solutions.  ...  These modules analyze the received shellcode, an assembly language program, and extract information about the propagating malware from it.  ... 
doi:10.1007/11856214_9 fatcat:qaydx546ezhp5gi2o5f2fcc2lq

Recent Advances in Neural Text Generation: A Task-Agnostic Survey [article]

Chen Tang, Frank Guerin, Yucheng Li, Chenghua Lin
2022 arXiv   pre-print
In recent years much effort has been devoted to applying neural models to the task of natural language generation.  ...  The challenge is to generate natural human-like text, and to control the generation process. This paper presents a task-agnostic survey of recent advances in neural text generation.  ...  In this survey, we provide an overview of neural text generation via summarising the papers mainly published within the last 5 years 1 .  ... 
arXiv:2203.03047v1 fatcat:iupgvcw2hbge5ioy6quiotnra4

Villani at SemEval-2018 Task 8: Semantic Extraction from Cybersecurity Reports using Representation Learning

Pablo Loyola, Kugamoorthy Gajananan, Yuji Watanabe, Fumiko Satoh
2018 Proceedings of The 12th International Workshop on Semantic Evaluation  
The goal is to explore if natural language processing methods can provide relevant and actionable knowledge to contribute to better understand malicious behavior.  ...  In the due process we also present ablation studies across multiple embeddings and their level of representation and also report the strategies we used to mitigate the extreme imbalance between classes  ...  For the empirical study, we experimented with both the original validation set and the proposed variation.  ... 
doi:10.18653/v1/s18-1143 dblp:conf/semeval/LoyolaGWS18 fatcat:3floblovyrcp5ig7xky2w7hmcq

A Planning Approach to Monitoring Behavior of Computer Programs [article]

Alexandre Cukier, Ronen I. Brafman, Yotam Perkal, David Tolpin
2017 arXiv   pre-print
We approach this problem by building an abstract model of the operating system using the STRIPS planning language, casting system calls as planning operators.  ...  Given a system call trace, we simulate the corresponding operators on our model and by observing the properties of the state reached, we learn about the nature of the original program and its behavior.  ...  Instead, we propose a methodology that uses an abstract system model based on AI-planning languages and models.  ... 
arXiv:1709.03363v1 fatcat:m6zkn5la3fgexccylgvoz3rfg4

RIPE

John Wilander, Nick Nikiforakis, Yves Younan, Mariam Kamkar, Wouter Joosen
2011 Proceedings of the 27th Annual Computer Security Applications Conference on - ACSAC '11  
In order to test RIPE we use it to empirically evaluate some of the newer prevention techniques.  ...  In this paper we present RIPE, an extension of Wilander's and Kamkar's testbed which covers 850 attack forms.  ...  We are grateful to the readers who have previewed and improved our paper, especially Martin Johns.  ... 
doi:10.1145/2076732.2076739 dblp:conf/acsac/WilanderNYKJ11 fatcat:pra6xkfdrvd7domk5rrqzclxie

Improving the Classification Effectiveness of Intrusion Detection by Using Improved Conditional Variational AutoEncoder and Deep Neural Network

Yanqing Yang, Kangfeng Zheng, Chunhua Wu, Yixian Yang
2019 Sensors  
We propose a novel intrusion detection model that combines an improved conditional variational AutoEncoder (ICVAE) with a deep neural network (DNN), namely ICVAE-DNN.  ...  Intrusion detection systems play an important role in preventing security threats and protecting networks from attacks.  ...  Deep learning is widely applied in many fields of artificial intelligence, including speech processing, computer vision, natural language processing and so on.  ... 
doi:10.3390/s19112528 fatcat:4ewnikld6vc6xm6y4pbwdi65na

RCNF: Real-time Collaborative Network Forensic Scheme for Evidence Analysis [article]

Nour Moustafa, Jill Slay
2017 arXiv   pre-print
We provide a case study using the UNSW-NB15 dataset for evaluating the scheme, showing its high performance in terms of accuracy and false alarm rate compared with three recent state-of-the-art mechanisms  ...  This paper suggests a real-time collaborative network Forensic scheme (RCNF) that can monitor and investigate cyber intrusions.  ...  In this study, we propose a Real-time Collaborative Network Forensic scheme (RCNF) that can monitor and track the origins of cyber attacks. The scheme involves three components.  ... 
arXiv:1711.02824v1 fatcat:fgoyoq5gura53ft6sqdpturcka
« Previous Showing results 1 — 15 out of 100 results