{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,19]],"date-time":"2025-04-19T05:08:10Z","timestamp":1745039290120},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540743194"},{"type":"electronic","value":"9783540743200"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-74320-0_5","type":"book-chapter","created":{"date-parts":[[2007,8,16]],"date-time":"2007-08-16T13:47:48Z","timestamp":1187272068000},"page":"87-106","source":"Crossref","is-referenced-by-count":29,"title":["Emulation-Based Detection of Non-self-contained Polymorphic Shellcode"],"prefix":"10.1007","author":[{"given":"Michalis","family":"Polychronakis","sequence":"first","affiliation":[]},{"given":"Kostas G.","family":"Anagnostakis","sequence":"additional","affiliation":[]},{"given":"Evangelos P.","family":"Markatos","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"unstructured":"Metasploit project (2006), \n                    \n                      http:\/\/www.metasploit.com\/","key":"5_CR1"},{"doi-asserted-by":"crossref","unstructured":"Akritidis, P., Markatos, E.P., Polychronakis, M., Anagnostakis, K.: STRIDE: Polymorphic sled detection through instruction sequence analysis. In: Proceedings of the 20th IFIP International Information Security Conference (IFIP\/SEC) (June 2005)","key":"5_CR2","DOI":"10.1007\/0-387-25660-1_25"},{"unstructured":"Anagnostakis, K., Sidiroglou, S., Akritidis, P., Xinidis, K., Markatos, E., Keromytis, A.D.: Detecting targeted attacks using shadow honeypots. In: Proceedings of the 14th USENIX Security Symposium, August 2005, pp. 
129\u2013144 (2005)","key":"5_CR3"},{"unstructured":"Bania, P.: TAPiON (2005), \n                    \n                      http:\/\/pb.specialised.info\/all\/tapion\/","key":"5_CR4"},{"unstructured":"Bania, P.: Windows Syscall Shellcode (2005), \n                    \n                      http:\/\/www.securityfocus.com\/infocus\/1844","key":"5_CR5"},{"unstructured":"Bellard, F.: QEMU, a fast and portable dynamic translator. In: Proceedings of the USENIX Annual Technical Conference, FREENIX Track, pp. 41\u201346 (2005)","key":"5_CR6"},{"unstructured":"Bellovin, S.M.: There be dragons. In: Proceedings of the Third USENIX UNIX Security Symposium, pp. 1\u201316 (1992)","key":"5_CR7"},{"key":"5_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_15","volume-title":"Recent Advances in Intrusion Detection","author":"R. Chinchani","year":"2006","unstructured":"Chinchani, R., Berg, E.V.D.: A fast static analysis approach to detect exploit code inside network flows. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, Springer, Heidelberg (2006)"},{"unstructured":"Detristan, T., Ulenspiegel, T., Malcom, Y., Underduk, M.: Polymorphic shellcode engine using spectrum analysis. Phrack\u00a011(61) (August 2003)","key":"5_CR9"},{"key":"5_CR10","series-title":"Lecture Notes in Computer Science","volume-title":"Intrusion and Malware Detection and Vulnerability Assessment","author":"H. Dreger","year":"2005","unstructured":"Dreger, H., Kreibich, C., Paxson, V., Sommer, R.: Enhancing the accuracy of network-based intrusion detection with host-based context. In: Julisch, K., Kr\u00fcgel, C. (eds.) DIMVA 2005. 
LNCS, vol.\u00a03548, Springer, Heidelberg (2005)"},{"unstructured":"Eller, R.: Bypassing MSB Data Filters for Buffer Overflow Exploits on Intel Platforms, \n                    \n                      http:\/\/community.core-sdi.com\/~juliano\/bypass-msb.txt","key":"5_CR11"},{"unstructured":"Fogla, P., Sharif, M., Perdisci, R., Kolesnikov, O., Lee, W.: Polymorphic blending attacks. In: Proceedings of the 15th USENIX Security Symposium (2006)","key":"5_CR12"},{"unstructured":"K2: ADMmutate (2001), \n                    \n                      http:\/\/www.ktwo.ca\/ADMmutate-0.8.4.tar.gz","key":"5_CR13"},{"unstructured":"Kim, H.-A., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: Proceedings of the 13th USENIX Security Symposium, pp. 271\u2013286 (2004)","key":"5_CR14"},{"key":"5_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_11","volume-title":"Recent Advances in Intrusion Detection","author":"C. Kruegel","year":"2006","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, Springer, Heidelberg (2006)"},{"key":"5_CR16","first-page":"32","volume-title":"Proceedings of the 2006 IEEE Symposium on Security and Privacy","author":"Z. Li","year":"2006","unstructured":"Li, Z., Sanghi, M., Chen, Y., Kao, M.-Y., Chavez, B.: Hamsa: Fast signature generation for zero-day polymorphic worms with provable attack resilience. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy, pp. 32\u201347. IEEE Computer Society Press, Los Alamitos (2006)"},{"key":"5_CR17","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1145\/1177080.1177087","volume-title":"Proceedings of the 6th ACM SIGCOMM on Internet measurement (IMC)","author":"J. 
Ma","year":"2006","unstructured":"Ma, J., Dunagan, J., Wang, H.J., Savage, S., Voelker, G.M.: Finding diversity in remote code injection exploits. In: Proceedings of the 6th ACM SIGCOMM on Internet measurement (IMC), pp. 53\u201364. ACM Press, New York (2006)"},{"key":"5_CR18","first-page":"226","volume-title":"Proceedings of the IEEE Security & Privacy Symposium","author":"J. Newsome","year":"2005","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: Proceedings of the IEEE Security & Privacy Symposium, May 2005, pp. 226\u2013241. IEEE Computer Society Press, Los Alamitos (2005)"},{"key":"5_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_5","volume-title":"Recent Advances in Intrusion Detection","author":"J. Newsome","year":"2006","unstructured":"Newsome, J., Karp, B., Song, D.: Paragraph: Thwarting signature learning by training maliciously. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, Springer, Heidelberg (2006)"},{"unstructured":"Obscou: Building IA32 \u2018unicode-proof\u2019 shellcodes. Phrack 11(61) (August 2003)","key":"5_CR20"},{"key":"5_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1007\/11506881_2","volume-title":"Intrusion and Malware Detection and Vulnerability Assessment","author":"U. Payer","year":"2005","unstructured":"Payer, U., Teufl, P., Lamberger, M.: Hybrid engine for polymorphic shellcode detection. In: Julisch, K., Kr\u00fcgel, C. (eds.) DIMVA 2005. LNCS, vol.\u00a03548, pp. 19\u201331. Springer, Heidelberg (2005)"},{"key":"5_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/11790754_4","volume-title":"Detection of Intrusions and Malware & Vulnerability Assessment","author":"M. 
Polychronakis","year":"2006","unstructured":"Polychronakis, M., Markatos, E.P., Anagnostakis, K.G.: Network-level polymorphic shellcode detection using emulation. In: B\u00fcschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol.\u00a04064, pp. 54\u201373. Springer, Heidelberg (2006)"},{"unstructured":"Rix: Writing IA32 alphanumeric shellcodes. Phrack\u00a011(57) (August 2001)","key":"5_CR23"},{"unstructured":"Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proc. of the 6th Symposium on Operating Systems Design & Implementation (OSDI) (December 2004)","key":"5_CR24"},{"unstructured":"sk: History and Advances in Windows Shellcode. Phrack\u00a011(62) (July 2004)","key":"5_CR25"},{"unstructured":"Skape: Shellcode text encoding utility for 7bit shellcode, \n                    \n                      http:\/\/www.hick.org\/code\/skape\/nologin\/encode\/encode.c","key":"5_CR26"},{"unstructured":"Skape: Implementing a Custom x86 Encoder. Uninformed\u00a05 (September 2006)","key":"5_CR27"},{"unstructured":"Sz\u00f6r, P., Ferrie, P.: Hunting for metamorphic. In: Proceedings of the Virus Bulletin Conference, September 2001, pp. 123\u2013144 (2001)","key":"5_CR28"},{"key":"5_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36084-0_15","volume-title":"Recent Advances in Intrusion Detection","author":"T. Toth","year":"2002","unstructured":"Toth, T., Kruegel, C.: Accurate Buffer Overflow Detection via Abstract Payload Execution. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, Springer, Heidelberg (2002)"},{"key":"5_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_12","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2006","unstructured":"Wang, K., Cretu, G., Stolfo, S.J.: Anomalous Payload-based Worm Detection and Signature Generation. In: Valdes, A., Zamboni, D. 
(eds.) RAID 2005. LNCS, vol.\u00a03858, Springer, Heidelberg (2006)"},{"key":"5_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_12","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2006","unstructured":"Wang, K., Parekh, J.J., Stolfo, S.J.: Anagram: A Content Anomaly Detector Resistant to Mimicry Attack. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, Springer, Heidelberg (2006)"},{"unstructured":"Wang, X., Pan, C.-C., Liu, P., Zhu, S.: Sigfree: A signature-free buffer overflow attack blocker. In: Proceedings of the USENIX Security Symposium (August 2006)","key":"5_CR32"},{"unstructured":"Wever, B.-J.: Alpha 2 (2004), \n                    \n                      http:\/\/www.edup.tudelft.nl\/~bjwever\/src\/alpha2.c","key":"5_CR33"},{"key":"5_CR34","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1145\/781027.781045","volume-title":"Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems","author":"V. Yegneswaran","year":"2003","unstructured":"Yegneswaran, V., Barford, P., Ullrich, J.: Internet intrusions: global characteristics and prevalence. In: Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, pp. 138\u2013147. ACM Press, New York (2003)"},{"key":"5_CR35","volume-title":"Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS)","author":"Q. Zhang","year":"2007","unstructured":"Zhang, Q., Reeves, D.S., Ning, P., Iyer, S.P.: Analyzing network traffic to detect self-decrypting exploit code. 
In: Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), ACM Press, New York (2007)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-74320-0_5.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T10:19:53Z","timestamp":1619518793000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-74320-0_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540743194","9783540743200"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-74320-0_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}