Skip to main content

Packet vaccine: Black-box exploit detection and signature generation

Publication ,  Conference
Wang, X; Li, Z; Xu, J; Reiter, MK; Kil, C; Choi, JY
Published in: Proceedings of the ACM Conference on Computer and Communications Security
December 1, 2006

In biology,a vaccine is a weakened strain of a virus or bacterium that is intentionally injected into the body for the purpose of stimulating antibody production.Inspired by this idea, we propose a packet vaccine mechanism that randomizes address-like strings in packet payloads to carry out fast exploit detection, vulnerability diagnosis and signature generation. An exploit with a randomized jump address behaves like a vaccine: it will likely cause an exception in a vulnerable program's process when attempting to hijack the control flow,and thereby expose itself. Taking that exploit as a template, our signature generator creates a set of new vaccines to probe the program, in an attempt to uncover the necessary conditions for the exploit to happen. A signature is built upon these conditions to shield the underlying vulnerability from further attacks. In this way, packet vaccine detects and fllters exploits in a black-box fashion,i.e., avoiding the expense of tracking the program's execution flow. We present the design of the packet vaccine mechanism and an example of its application. We also describe our proof-of-concept implementation and the evaluation of our technique using real exploits. Copyright 2006 ACM.

Duke Scholars

Published In

Proceedings of the ACM Conference on Computer and Communications Security

DOI

ISSN

1543-7221

Publication Date

December 1, 2006

Start / End Page

37 / 46
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Wang, X., Li, Z., Xu, J., Reiter, M. K., Kil, C., & Choi, J. Y. (2006). Packet vaccine: Black-box exploit detection and signature generation. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 37–46). https://doi.org/10.1145/1180405.1180412
Wang, X., Z. Li, J. Xu, M. K. Reiter, C. Kil, and J. Y. Choi. “Packet vaccine: Black-box exploit detection and signature generation.” In Proceedings of the ACM Conference on Computer and Communications Security, 37–46, 2006. https://doi.org/10.1145/1180405.1180412.
Wang X, Li Z, Xu J, Reiter MK, Kil C, Choi JY. Packet vaccine: Black-box exploit detection and signature generation. In: Proceedings of the ACM Conference on Computer and Communications Security. 2006. p. 37–46.
Wang, X., et al. “Packet vaccine: Black-box exploit detection and signature generation.” Proceedings of the ACM Conference on Computer and Communications Security, 2006, pp. 37–46. Scopus, doi:10.1145/1180405.1180412.
Wang X, Li Z, Xu J, Reiter MK, Kil C, Choi JY. Packet vaccine: Black-box exploit detection and signature generation. Proceedings of the ACM Conference on Computer and Communications Security. 2006. p. 37–46.

Published In

Proceedings of the ACM Conference on Computer and Communications Security

DOI

ISSN

1543-7221

Publication Date

December 1, 2006

Start / End Page

37 / 46