• 1
    CRET. Computer emergency response team.
  • 2
  • 3
    Baecher P, Koetter M. Getting around non-executable stack (and fix).
  • 4
    Krügel C, Lippmann R, Clark A. Emulation-based detection of non-self-contained polymorphic shellcode. 10th International Symposium on Recent Advances in Intrusion Detection, 2007.
  • 5
    Bania P. Evading network-level emulation.
  • 6
    Rieck K, Krueger T, Dewald A. Cujo: efficient detection and prevention of drive-by-download attacks. Proc. of 26th Annual Computer Security Applications Conference (ACSAC), 2010.
  • 7
    Wang K, Cretu G, Stolfo S. Anomalous payload-based worm detection and signature generation. Proceedings of the Recent Advances in Intrusion Detection, 2006.
  • 8
    Song Y, Keromytis A, Stolfo S. Spectrogram: a mixture of Markov chains model for anomaly detection in web traffic. Proceedings of the Network and Distributed System Security Symposium, 2009.
  • 9
  • 10
    Hu X, Chiueh T, Shin K. Large-scale malware indexing using function-call graphs. ACM Conference on Computer and Communications Security, pages 611–620, 2009.
  • 11
    Ma J, Dunagan J, Wang HJ, Savage S, Voelker GM. Finding diversity in remote code injection exploits. Internet Measurement Conference, 2006; 5364.
  • 12
    Song Y, Locasto M, Stavrou A, Keromytis A, Stolfo S. On the infeasibility of modeling polymorphic shellcode. In Proceedings of the 14th ACM conference on Computer and communications security (CCS). 2007; 541551.
  • 13
    Polychronakis M, Anagnostakis K, Markatos E. Network-level polymorphic shellcode detection using emulation. In Proceedings of the GI/IEEE SIG SIDAR Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA). 2006; 5473.
  • 14
    Gu B, Bai X, Yang Z, Champion A, Xuan D. Malicious shellcode detection with virtual memory snapshots. INFOCOM, 2010; 974982.
  • 15
    Wang X, Pan C, Liu P, Zhu S. SigFree: a signature-free buffer overflow attack blocker. 15th Usenix Security Symposium, 2006.
  • 16
    Christodorescu M, Kruegel C, Jha S. Mining Specifications of Malicious Behavior. ESEC/FSE'07, ACM Press: New York, NY, USA, 2007; 514.
  • 17
    Preda M, Christodorescu M, Jha S, Debray S. A semantics-based approach to malware detection. In Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'07). 2007; 377388.
  • 18
    Wang X, Jhi Y, Zhu S, Liu P. STILL: exploit code detection via static taint and initialization analyses. Proceedings of Anual Computer Security Applications Conference (ACSAC), 2008.
  • 19
    Borders K, Prakash A, Zielinski M. Spector: automatically analyzing shell code. In Proceedings of the 23rd Annual Computer Security Applications Conference. 2007; 501514.
  • 20
    Newsome J, Song D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. Proceedings of Network and Distributed System Security Symposium, 2005.
  • 21
    Krugel C, Kirda E. Polymorphic worm detection using structural information of executables. 2005 International Symposium on Recent Advances in Intrusion Detecion, 2005.
  • 22
    Chung S, Mok A. Advanced allergy attacks: does a corpus really help. In Recent Advances in Intrusion Detection (RAID), 2007.
  • 23
    Wang K, Parekh J, Stolfo S. Anagram: a content anomaly detector resistant to mimicry attack. Proceedings of the Recent Advances in Intrusion Detection, 2006.
  • 24
    Pedro N, Domingos P, Sumit M, Verma S. Adversarial classification. In 10th ACM SIGKDD Conference on Knowledge Discovery and Data mining. 2004; 99108.
  • 25
    Kong D, Jhi Y, Gong T, Zhu S, Liu P, Xi H. SAS: semantic aware signature generation for polymorphic worm detection. Proceedings of International Conference on Security and Privacy in Communication Networks, 2010.
  • 26
    Kong D, Tian D, Wu D, Liu P. SA3: Automatic semantic aware attribution analysis of remote exploits. Proceedings of International Conference on Security and Privacy in Communication Networks, 2011.
  • 27
    Collberg C, Thomborson C, Low D. A taxonomy of obfuscating transformations. Technical Report 148, University of Auckland, 1997.
  • 28
    Detristan T, Ulenspiegel T, Malcom Y, Superbus M, Underduk V. Polymorphic shellcode engine using spectrum analysis.
  • 29
    Moore H. The Metasploit project.
  • 30
    Bellman R. Adaptive Control Processes: a Guided Tour. Princeton University Press: Princeton, New Jersey, USA, 1961.
  • 31
    Meyn S, Tweedie R. Markov Chains and Stochastic Stability. Cambridge University Press: Cambridge, United Kingdom, 2005.
  • 32
    John A. R.A. Fisher and the making of maximum likelihood 1912–1922. Statistical Science 1997; 12(3): 162176.
  • 33
    Dempster A, Laird N, Rubin D. Maximum likelihood from incomplete data via the EM algorithm. Journal of the Royal Statistical Society 1977: 3437.
  • 34
    Bertsekas D. Nonlinear Programming. Athena Scientific: Cambridge, MA, 1999.
  • 35
    Macaulay S. ADMmutate: Polymorphic shellcode engine.
  • 36
    Jemiscode. Jemiscodes—a polymorphic shellcode generator.
  • 37
    Lyda R, Hamrock J. Using entropy analysis to find encrypted and packed malware. IEEE Security and Privacy 2007; 5(2): 4045.
  • 38
    Li Z, Sanghi M, Chen Y, Kao M, Chavez B. Hamsa: fast signature generation for zero-day polymorphic worms with provable attack resilience. IEEE Symposium on Security and Privacy, 2006.
  • 39
    Newsome J, Karp B, Song D. Polygraph: automatic signature generation for polymorphic worms. IEEE Symposium on Security and Privacy, 2005.