Traffic-Oriented Shellcode Detection Based on VSM

  • Conference paper
Advances in Internet, Data & Web Technologies (EIDWT 2023)

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies (LNDECT, volume 161)

Abstract

Shellcode is the core of an attack that exploits a vulnerability in a binary program: it is the sequence of bytes the attacker needs to gain control of the target machine. Detecting Shellcode is therefore an important part of protecting binary programs. However, the static analysis and simulated execution methods commonly used for Shellcode detection today suffer from low accuracy and low efficiency, which limits their practical usefulness. Machine learning models have strong learning and generalization capabilities and can extract hidden features that are difficult to find manually. This paper proposes a system for detecting Shellcode in network traffic based on the VSM machine learning model. Using the VSM model, the payload data in network traffic is matched against a Shellcode library, which allows unknown Shellcode to be detected. The experimental results show that the proposed VSM-based Shellcode detection system can effectively detect known Shellcode and retains some ability to detect unknown Shellcode.

Author information

Correspondence to Pengju Liu.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Liu, P., Cui, B., Cui, C. (2023). Traffic-Oriented Shellcode Detection Based on VSM. In: Barolli, L. (eds) Advances in Internet, Data & Web Technologies. EIDWT 2023. Lecture Notes on Data Engineering and Communications Technologies, vol 161. Springer, Cham. https://doi.org/10.1007/978-3-031-26281-4_15
