Defending against Polymorphic Attacks: Recent Results and Open Questions

As state-of-the-art network-level attack-detection technology becomes more prevalent, attackers are likely to evolve, employing techniques such as polymorphism and metamorphism to evade detection. Although recent advances in detection methods have been promising, most existing proposals can be defeated using only minor enhancements to the attack vector. This presentation will discuss the various obfuscation techniques that attackers can employ to evade detection, and present a new heuristic method for detecting polymorphic shellcode, based on a NIDS-embedded CPU emulator, that is more robust to obfuscation techniques. It will also discuss advanced evasion techniques.

Download Slides (585 Kb)

This presentation is part of session NoAH Workshop on Honeypots.