Efficient Shellcode Detection on Commodity Hardware

Donghai TIAN  Mo CHEN  Changzhen HU  Xuanya LI  

IEICE TRANSACTIONS on Information and Systems   Vol.E96-D   No.10   pp.2272-2276
Publication Date: 2013/10/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E96.D.2272
Print ISSN: 0916-8532
Type of Manuscript: LETTER
Category: Software System
Keywords: efficient shellcode detection, multi-core technology

As more and more software vulnerabilities are exposed, shellcode has become very popular in recent years. Attackers widely use it to exploit vulnerabilities and then hijack a program's execution. Previous solutions suffer from two limitations: 1) some methods based on static analysis may fail to detect shellcode that uses obfuscation techniques; 2) other methods based on dynamic analysis could impose considerable performance overhead. In this paper, we propose Lemo, an efficient shellcode detection system. Our system is compatible with commodity hardware and operating systems, which enables deployment. To improve the performance of our system, we make use of multi-core technology. The experiments show that our system can detect shellcode efficiently.