Detecting ShellCode Using Entropy


KIPS Transactions on Computer and Communication Systems, Vol. 3, No. 3, pp. 87-96, Mar. 2014
DOI: 10.3745/KTCCS.2014.3.3.87

Abstract

Hackers pursue their goals in a variety of ways, such as operating their own websites or hacking existing ones. After turning a PC into a zombie with malicious code uploaded to a website, they seize large amounts of private information, which is then used for further hacking. Most detection techniques rely on Snort rules. When unknown code on the network matches the patterns in IDS/IPS devices, it is detected as malicious code. However, if the unknown code does not match, it is treated as normal and goes on to attack the system. Hackers try to find these patterns and craft shellcode that avoids them. A new method is therefore needed to detect this kind of shellcode. In this paper, we propose a novel method to detect shellcode using Shannon's information entropy.


Cite this article
[IEEE Style]
W. S. Kim, S. H. Kang, K. S. Kim, S. J. Kim, "Detecting ShellCode Using Entropy," KIPS Transactions on Computer and Communication Systems, vol. 3, no. 3, pp. 87-96, 2014. DOI: 10.3745/KTCCS.2014.3.3.87.

[ACM Style]
Woo Suk Kim, Sung Hoon Kang, Kyung Shin Kim, and Seung Joo Kim. 2014. Detecting ShellCode Using Entropy. KIPS Transactions on Computer and Communication Systems, 3, 3, (2014), 87-96. DOI: 10.3745/KTCCS.2014.3.3.87.