An empirical study of real-world polymorphic code injection attacks

Michalis Polychronakis; Kostas G. Anagnostakis; Evangelos P. Markatos

An empirical study of real-world polymorphic code injection attacks

Michalis Polychronakis
, Kostas G. Anagnostakis
, Evangelos P. Markatos

Computer Science

Agency for Science, Technology and Research, Singapore
Foundation for Research and Technology-Hellas

Research output: Contribution to conference › Paper › peer-review

26 Scopus citations

Abstract

Remote code injection attacks against network services remain one of the most effective and widely used exploitation methods for malware propagation. In this paper, we present a study of more than 1.2 million polymorphic code injection attacks targeting production systems, captured using network-level emulation. We focus on the analysis of the structure and operation of the attack code, as well as the overall attack activity in relation to the targeted services. The observed attacks employ a highly diverse set of exploits, often against less widely used vulnerable services, while our results indicate limited use of sophisticated obfuscation schemes and extensive code reuse among different malware families.

Original language	English
State	Published - 2009
Event	2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET 2009 - Boston, United States Duration: Apr 21 2019 → …

Conference

Conference	2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET 2009
Country/Territory	United States
City	Boston
Period	04/21/19 → …

Cite this

@conference{5d9f626079c54a1dbc18da75cb1f82e3,

title = "An empirical study of real-world polymorphic code injection attacks",

abstract = "Remote code injection attacks against network services remain one of the most effective and widely used exploitation methods for malware propagation. In this paper, we present a study of more than 1.2 million polymorphic code injection attacks targeting production systems, captured using network-level emulation. We focus on the analysis of the structure and operation of the attack code, as well as the overall attack activity in relation to the targeted services. The observed attacks employ a highly diverse set of exploits, often against less widely used vulnerable services, while our results indicate limited use of sophisticated obfuscation schemes and extensive code reuse among different malware families.",

author = "Michalis Polychronakis and Anagnostakis, \{Kostas G.\} and Markatos, \{Evangelos P.\}",

note = "Publisher Copyright: {\textcopyright} 2009 USENIX. All rights reserved.; 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET 2009 ; Conference date: 21-04-2019",

year = "2009",

language = "English",

}

An empirical study of real-world polymorphic code injection attacks. / Polychronakis, Michalis; Anagnostakis, Kostas G.; Markatos, Evangelos P.
2009. Paper presented at 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET 2009, Boston, United States.

Research output: Contribution to conference › Paper › peer-review

TY - CONF

T1 - An empirical study of real-world polymorphic code injection attacks

AU - Polychronakis, Michalis

AU - Anagnostakis, Kostas G.

AU - Markatos, Evangelos P.

PY - 2009

Y1 - 2009

N2 - Remote code injection attacks against network services remain one of the most effective and widely used exploitation methods for malware propagation. In this paper, we present a study of more than 1.2 million polymorphic code injection attacks targeting production systems, captured using network-level emulation. We focus on the analysis of the structure and operation of the attack code, as well as the overall attack activity in relation to the targeted services. The observed attacks employ a highly diverse set of exploits, often against less widely used vulnerable services, while our results indicate limited use of sophisticated obfuscation schemes and extensive code reuse among different malware families.

AB - Remote code injection attacks against network services remain one of the most effective and widely used exploitation methods for malware propagation. In this paper, we present a study of more than 1.2 million polymorphic code injection attacks targeting production systems, captured using network-level emulation. We focus on the analysis of the structure and operation of the attack code, as well as the overall attack activity in relation to the targeted services. The observed attacks employ a highly diverse set of exploits, often against less widely used vulnerable services, while our results indicate limited use of sophisticated obfuscation schemes and extensive code reuse among different malware families.

UR - https://www.scopus.com/pages/publications/85084096732

M3 - Paper

AN - SCOPUS:85084096732

T2 - 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, LEET 2009

Y2 - 21 April 2019

ER -

An empirical study of real-world polymorphic code injection attacks

Abstract

Conference

Other files and links

Fingerprint

Cite this