Files
osu1354523604.pdf (1.34 MB)
Context-Aware Malicious Code Detection
Author Info
Gu, Boxuan
Permalink: http://rave.ohiolink.edu/etdc/view?acc_num=osu1354523604
Year and Degree
2012, Doctor of Philosophy, Ohio State University, Computer Science and Engineering.
Abstract
Malicious codes are one of the biggest threats on the Internet according to the US-CERT vulnerability database. One salient example is Conficker, a malicious code targeting MS Windows that was released in 2009. Before it was discovered, millions of computers on the Internet were infected. Many approaches to malicious code detection have been proposed. However, such approaches have a key weakness: they do not leverage context information from target systems and input data in order to perform detection. Malicious codes can fully utilize context information for attack purposes, thereby evading detection. To address this issue, we propose a methodology that leverages such context information for malicious code detection. Based on this methodology, we design and implement three detection systems for malicious code detection on servers, Web browsers, and smartphones. Our first system takes "snapshots" of a target process's virtual memory space and leverages these snapshots to reveal malicious codes' true behaviors when consuming input data. Based on the first system, we construct the second system, which leverages Web browsers' JavaScript code execution environment to detect malicious JavaScript codes that exploit browsers' memory errors. Our third system uses an information flow tracking mechanism to detect malicious codes that steal sensitive information stored in smartphones. We comprehensively evaluate these detection systems with many real-world malicious codes. Our experimental results indicate that the context information can be used to greatly improve detection effectiveness with reasonable overhead.
Committee
Dong Xuan (Advisor)
Ten H. Lai (Committee Member)
Feng Qin (Committee Member)
Pages
128 p.
Subject Headings
Computer Science
Keywords
intrusion detection; malicious code detection; web security; javascript security; smartphone security; android security; information flow tracking; information leaking; worm detection; shellcode; shellcode detection
Recommended Citations
Gu, B. (2012). Context-Aware Malicious Code Detection [Doctoral dissertation, Ohio State University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=osu1354523604
APA Style (7th edition)
Gu, Boxuan. Context-Aware Malicious Code Detection. 2012. Ohio State University, Doctoral dissertation. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=osu1354523604.
MLA Style (8th edition)
Gu, Boxuan. "Context-Aware Malicious Code Detection." Doctoral dissertation, Ohio State University, 2012. http://rave.ohiolink.edu/etdc/view?acc_num=osu1354523604
Chicago Manual of Style (17th edition)
Document number: osu1354523604
Download Count: 820
Copyright Info
© 2012, all rights reserved.
This open access ETD is published by The Ohio State University and OhioLINK.