«
»

Digging for datastructures (to identify malware)

Anthony Cozzie has built a system for detecting datastructures in applications’ heap memory. In this paper he presents the method and applies it to malware detection. His premise is that data layout is much harder to vary automatically than instructions (polymorphism). Therefore, data offers a better signature than instructions. He verifies this intuition by comparing multiple versions of Kraken and Storm (among others). A great example of generic system’s work applied to security. The full paper at OSDI 2008 can be found here.

Advertisement

This entry was posted on December 8, 2008 at 12:20 and is filed under Systems Security . You can follow any responses to this entry through the RSS 2.0 feed You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.