Research On Malicious Shellcode Detection Techniques

Posted on: 2015-12-08
Degree: Master
Type: Thesis
Country: China
Candidate: K Tan
Full Text: PDF
GTID: 2348330518970630
Subject: Engineering

Abstract/Summary:
Because widely used operating systems and a great deal of software are developed in the non-secure programming languages C and C++, many security risks and hidden problems exist in that software and those systems. There are also many malicious attacks on the network that pose a serious threat to computer security. The main attack vector for exploiting the corresponding vulnerabilities is malicious code, namely shellcode.

Existing detection techniques give unsatisfactory results on polymorphic shellcode because they cannot accurately locate and identify the malicious code. This paper therefore proposes an effective detection scheme based on a study of the structure and composition of shellcode. The scheme mainly combines static and dynamic detection techniques to improve the detection results. For shellcode processed by polymorphic encoding, the decoding instruction sequences and the number of memory read and write accesses serve as the basis for detection. Common malicious code is judged by similarity.

To verify the effectiveness of the proposed detection scheme, the experiments use real shellcode samples generated by polymorphic engines (Metasploit, ADMmutate, CLET and Jempiscodes) together with some benign data from daily work. The false positive rate, false negative rate and performance overhead are used as the validation metrics. The experimental results show that the proposed method achieves the expected results: detection of both polymorphic and ordinary shellcode is efficient and accurate, with a low false alarm rate and quick detection.
Keywords/Search Tags: Shellcode, Buffer overflow, Polymorphic coding technology, Detection technology