research-article

Computing the behavior of malicious code with function extraction technology

Authors:

CSIIRW '09: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies

Article No.: 36, Pages 1 - 2

https://doi.org/10.1145/1558607.1558648

Published: 13 April 2009 Publication History

Get Access

Abstract

Modern society is irreversibly dependent on computer-based infrastructure systems of astonishing scope and complexity. Yet these systems are increasingly vulnerable to disabling intrusions by adversaries equipped with the knowledge and resources to mount sophisticated attacks [1, 2]. Technical and organizational preparation for major attacks is essential to national security. Preparation takes time and effort, and when a major attack occurs, it is too late to prepare. Preparation must provide capability for fast and precise analysis of the technical structure of an attack as a basis for fast response to limit damage and deploy countermeasures.

References

[1]

National Research Council, Toward a Safer and More Secure Cyberspace, eds. Seymour Goodman and Herbert Lin, National Academies Press, Washington, DC, 2007.

Digital Library

Google Scholar

[2]

Marciniak, J., Linger, R. O'Neill, D. and Salisbury, A., Software 2015: A National Software Strategy to Ensure U.S. Security and Competitiveness, Center for National Software Studies, Washington, DC, April, 2005.

Google Scholar

[3]

S. Prowell, C. Trammell, R. Linger, and J. Poore, Cleanroom Software Engineering: Technology and Process, Addison Wesley, Reading, MA, 1999.

Digital Library

Google Scholar

[4]

Linger, R. and Pleszkoch, M., "Improving Network System Security with Function Extraction Technology for Automated Calculation of Program Behavior," Proceedings of Hawaii International Conference on System Sciences (HICSS-37), Hawaii, January, 2004, IEEE Computer Society Press, Los Alimitos, CA.

Digital Library

Google Scholar

[5]

Burns, L., Hevner, A., Linger, R., Pleszkoch, M., and Walton, G., "Next-Generation Software Engineering: Function Extraction for Computation of Software Behavior," Proceedings of Hawaii International Conference on System Sciences (HICSS-40), IEEE Computer Society Press, Los Alimitos, CA, 2007.

Digital Library

Google Scholar

[6]

Bartholomew, R., Burns, L., Daly, T., Linger, R., and Prowell, S., "Function Extraction: Automated Behavior Computation for Aerospace Software Verification and Certification," AIAA Conference on Information Technology, American Institute of Aeronautics and Astronautics, Monterey, CA, 2007.

Google Scholar

[7]

Pleskoch, M., Linger, R., and Hevner, A., "Introducing Function Extraction into Software Testing," The Data Base for Advances in Information Systems: Special Issue on Software Systems Testing, ACM SIGMIS, New York, NY, 2008.

Digital Library

Google Scholar

[8]

Burns, L. and Daly, T., FXplorer: "Exploration of Computed Behavior: A New Approach to Understanding and Verification," Proceedings of Hawaii International Conference on System Sciences (HICSS-42), IEEE Computer Society Press, Los Alimitos, CA, 2009.

Digital Library

Google Scholar

[9]

Walton, G., Longstaff, T., and Linger, R., "Computational Evaluation of Software Security Attributes," Proceedings of Hawaii International Conference on System Sciences (HICSS-42), IEEE Computer Society Press, Los Alimitos, CA, 2009.

Digital Library

Google Scholar

Cited By

View all

Carter J(2013)Locating executable fragments with Concordia, a scalable, semantics-based architectureProceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop10.1145/2459976.2460004(1-4)Online publication date: 8-Jan-2013
https://dl.acm.org/doi/10.1145/2459976.2460004
Carter J(2011)An architecture for ConcordiaProceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research10.1145/2179298.2179353(1-1)Online publication date: 12-Oct-2011
https://dl.acm.org/doi/10.1145/2179298.2179353
Chaki SCohen CGurfinkel AApte CGhosh JSmyth P(2011)Supervised learning for provenance-similarity of binariesProceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining10.1145/2020408.2020419(15-23)Online publication date: 21-Aug-2011
https://dl.acm.org/doi/10.1145/2020408.2020419

Index Terms

Computing the behavior of malicious code with function extraction technology

Recommendations

Efficient detection of the return-oriented programming malicious code
ICISS'10: Proceedings of the 6th international conference on Information systems security

Return-Oriented Programming (ROP) is a code-reuse technique which helps the attacker construct malicious code by using the instruction snippets in existing libraries/executables. Such technique makes the ROP program contain no malicious instructions. ...
Malicious JavaScript Insertion through ARP Poisoning Attacks

Details about ARP poisoning attacks as well as countermeasures have been known for years. Yet, most networks are still vulnerable to these attacks because they haven't implemented defenses. This article explains how ARP poisoning attacks work and ...
Thwarting malicious and selfish behavior in commodity wi-fi networks

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CSIIRW '09: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies

April 2009

952 pages

ISBN:9781605585185

DOI:10.1145/1558607

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 April 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

CSIIRW '09

CSIIRW '09: Fifth Cyber Security and Information Intelligence Research Workshop

April 13 - 15, 2009

Tennessee, Oak Ridge, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
192
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 16 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Carter J(2013)Locating executable fragments with Concordia, a scalable, semantics-based architectureProceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop10.1145/2459976.2460004(1-4)Online publication date: 8-Jan-2013
https://dl.acm.org/doi/10.1145/2459976.2460004
Carter J(2011)An architecture for ConcordiaProceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research10.1145/2179298.2179353(1-1)Online publication date: 12-Oct-2011
https://dl.acm.org/doi/10.1145/2179298.2179353
Chaki SCohen CGurfinkel AApte CGhosh JSmyth P(2011)Supervised learning for provenance-similarity of binariesProceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining10.1145/2020408.2020419(15-23)Online publication date: 21-Aug-2011
https://dl.acm.org/doi/10.1145/2020408.2020419

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Efficient detection of the return-oriented programming malicious code

Malicious JavaScript Insertion through ARP Poisoning Attacks

Thwarting malicious and selfish behavior in commodity wi-fi networks