IDS: Re: A Neural Network to detect polymorphic shellcodes

From: Michael Vergoz <mv_at_binarysec.com>
Date: Fri, 18 Aug 2006 18:08:22 +0200

Hi,

Neural networks aren't very useful for the detection of polymorphic
shellcode (especially).
Indeed, by having a good disassembly library, it is possible to solve a
shellcode (polymorphic or not) and thus to detect it.

----- Original Message -----
From: "Stefano Zanero" <s.zanero_at_securenetwork.it>
To: <mimanium_at_hotmail.com>; "Focus-Ids Mailing List"
<focus-ids_at_securityfocus.com>
Sent: Thursday, August 17, 2006 2:12 PM
Subject: Re: A Neural Network to detect polymorphic shellcodes

> mimanium_at_hotmail.com wrote:
>> Hello,
>>
>> I am looking for a project that implements Neural Networks and spectrum
>> analysis to detect polymorphic shellcodes such as those of ADMutate.
>
> This seems like a bad case of "pushing a technique onto a problem" or
> better "buzzword fascination problem".
>
> Spectral analysis is useful on continuous variables. How would you
> represent "a shellcode" as a continuous variable or multivariate series
> of continuous variables?
>
> Neural networks themselves are more useful on metric variables than on
> qualitative variables. And here again: on what metrics and features
> would you train them?
>
> Stefano
>

Michael Vergoz
BinarySEC R&D
mv_at_binarysec.com
Try BinarySEC for Apache NOW !
Free download : http://www.binarysec.com

Received on Aug 18 2006
