Andere Kunden interessierten sich auch für
![COMPUTER AIDED SYSTEM FOR DETECTING MASSES IN MAMMOGRAMS]( "COMPUTER AIDED SYSTEM FOR DETECTING MASSES IN MAMMOGRAMS")
COMPUTER AIDED SYSTEM FOR DETECTING MASSES IN MAMMOGRAMS38,99 €![Detecting Events in Surveillance Videos]( "Detecting Events in Surveillance Videos")
Detecting Events in Surveillance Videos32,99 €![A Domain-Driven Approach for Detecting Event Patterns in E-Markets]( "A Domain-Driven Approach for Detecting Event Patterns in E-Markets")
A Domain-Driven Approach for Detecting Event Patterns in E-Markets51,99 €![Pervasive Wireless Environments: Detecting and Localizing User Spoofing]( "Pervasive Wireless Environments: Detecting and Localizing User Spoofing")
Pervasive Wireless Environments: Detecting and Localizing User Spoofing37,99 €![Detecting Peripheral-based Attacks on the Host Memory]( "Detecting Peripheral-based Attacks on the Host Memory")
Detecting Peripheral-based Attacks on the Host Memory74,99 €![Detecting sources of information leaks on networked smart devices]( "Detecting sources of information leaks on networked smart devices")
Detecting sources of information leaks on networked smart devices27,99 €![Detecting Peripheral-based Attacks on the Host Memory]( "Detecting Peripheral-based Attacks on the Host Memory")
Detecting Peripheral-based Attacks on the Host Memory69,99 €
The problem of modeling and detecting polymorphic engines shellcode is adressed in this book. By polymorphic engines, we mean programs having the ability to transform any piece of malware into many instances consisting of different code but having the same functionality as the original malware. Typically, polymorphic engines work by encrypting the target malware using various encryption techniques and providing a decryption module in order to execute the newly encrypted instance. Moreover, those engines have the ability to mutate their decryption routine making them unique from one instance to another and hard to detect. We propose a new concept of signatures, shape signatures, which cope with the highly mutated nature of those engines. The shape signatures try to identify the constant part as well as the mutated part of the deciphering routines. This combination is able to cope with the highly mutated nature of those engines in a much more efficient way compared to traditional signatures used in most intrusion detection systems. We also aim at modeling those polymorphic engines by showing that they exhibit a specific byte composition.