Remote code injection exploits inflict a significant societal cost, and an active underground economy has grown up around these continually evolving attacks. This paper presents a methodology for inferring the phylogeny, or evolutionary tree, of such exploits. The paper has applied this methodology to traffic captured at several vantage points, and it demonstrates that the methodology is robust to the observed polymorphism. The techniques revealed non-trivial code sharing among different exploit families, and the resulting phylogenies accurately captured the subtle variations among exploits within each family.
Did you find this white paper useful?
15 out of 23 users found this white paper useful
Related white papers
Balancing Security Against Productivity
What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried...
Secure Desktop On-Demand Webcast
The desktop or endpoint is one of the most vulnerable parts of your environment. Threats are everywhere. You have users who love to experiment with device settings (only to wonder...
Novell Zenworks Endpoint Security Management: Total Control from a Single Console
Still super gluing your USB ports shut? Unauthorized access to networks, lost or stolen laptops and other mobile hardware, and theft of proprietary information or intellectual property accounted for more...
Intel Case Study: Linksys
Delivering the optimum combination of security and performance in a cost-effective, manageable wireless product was both a design challenge and a business challenge for Linksys. Linksys found the ideal low-cost,...
Accountancy Firm Gain a Powerful New Tool for Laptop Security
Since 1997, Anderson Hubertz, Kirkhof (AHK) has been serving small to medium-sized companies throughout Denmark. With all 80 employees at AHK using corporate laptops, network security is crucial. AHK felt...
MSDN Webcast: Practical Security for Intranet Solutions (Level 200)
Internal Web and Windows-based applications often require integration with existing applications and systems, access to databases, strong authorization and authentication mechanisms, and identity management. This webcast discusses strategies for incorporating...
Explosives Detection
The Agilent 2100 bioanalyzer is a personal Lab-on-a-Chip platform operating disposable microfluidic chips for analysis of DNA/RNA/Proteins and cells. For the last 4 years, the Agilent 2100 bioanalyzer has replaced...
