Observatorio de I+D+i UPM

Research reports
Communications at congresses:
PolyVaccine: Protecting Web Servers against Zero-Day, Polymorphic and Metamorphic Exploits.
Year: 2009
Research Areas
  • Programming language
Information
Abstract
Today web servers are ubiquitous, having become critical infrastructure for many organizations. However, they are still one of the most vulnerable parts of an organization's infrastructure. Exploits are often used by worms to propagate quickly across the whole Internet, with web servers being one of their main targets. New exploit techniques have arisen in the last few years that have rendered useless traditional IDS techniques based on signature identification. Exploits use polymorphism (code encryption) and metamorphism (code obfuscation) to evade detection by signature-based IDSs. In this paper, we address precisely the topic of how to protect web servers against zero-day (new), polymorphic, and metamorphic malware embedded in data streams (requests) that target web servers. We rely on a novel technique to detect harmful binary code injection (i.e., exploits) in HTTP requests that is more efficient than current techniques based on binary code emulation or instrumentation of virtual engines. The detection of exploits is done through sandbox processes. The technique is complemented by another set of techniques, such as caching and pooling, to reduce its cost to negligible levels. Our technique makes few assumptions regarding the exploit, unlike previous approaches that assume the existence of sled or getPC code, loops, reads of the payload, writes to different addresses, etc. The evaluation shows that caching is highly effective and that the average latency introduced by our system is negligible.
International
Yes
Congress
28th Int. Symp. on Reliable Distributed Systems (SRDS).
960
Place
New York, United States
Reviewers
Yes
ISBN/ISSN
978-0-7695-3826-6
10.1109/srds.2009.15
Start Date
27/09/2009
End Date
30/09/2010
From page
91
To page
99
2009 28th IEEE International Symposium on Reliable Distributed Systems
Participants
  • Author: Marta Patiño Martinez (UPM)
  • Author: Ricardo Jimenez Peris (UPM)
Research Groups, Departments and Institutes related
  • Creator: Research Group: Distributed Systems Labs (LSD) Laboratorio de sistemas distribuidos
  • Department: Lenguajes y Sistemas Informáticos e Ingeniería de Software