{"title":"Shellfier","authors":"Yue Pan, Jing An, Wenqing Fan, Wei Huang","doi":"10.1145/3316615.3316731","journal":{"name":"Proceedings of the 2019 8th International Conference on Software and Computer Applications","volume":"200 1","pages":"0"},"publicationDate":"2019-02-19","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"1","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1145/3316615.3316731"}
An important way to detect zero-day attacks is to identify the shellcode that is usually delivered as part of the attack. In network traffic detection, it is vital to detect programs that exhibit the characteristics of shellcode behavior. This paper proposes Shellfier, a shellcode detection method based on Dynamic Binary Instrumentation and a Convolutional Neural Network (CNN). Program instrumentation captures the behavioral characteristics of shellcode in a fine-grained manner. The CNN is trained on and classifies the sample data, and its classification performance is compared with that of a Support Vector Machine (SVM) that uses an n-gram model to extract feature vectors. The experimental results show that the CNN has strong representation ability for behavioral characteristics and is more accurate than SVM classification, with a lower false positive rate and vulnerability rate.