SecondDEP: Resilient Computing that Prevents Shellcode Execution in Cyber-Attacks | Zendy

Takeshi Okamoto | Zendy

AI Assistant Blog Pricing

Home ZAIA Blog

Open Access

SecondDEP: Resilient Computing that Prevents Shellcode Execution in Cyber-Attacks

Author(s) -

Takeshi Okamoto

Publication year - 2015

Publication title -

procedia computer science

Language(s) - English

Resource type - Journals

SCImago Journal Rank - 0.334

H-Index - 76

ISSN - 1877-0509

DOI - 10.1016/j.procs.2015.08.211

Subject(s) - computer science , operating system , overhead (engineering) , anti virus , embedded system , biology , virology

This paper proposes a novel method of preventing shellcode execution even if DEP is bypassed. The method prevents Windows APIs from calling on a data area by API hooking, based on evidence that shellcode is executed in a data area and that the shellcode calls Windows APIs. Performance tests indicated that all samples of shellcode provided by Metasploit Framework, as well asthe 18 most recent attacks using Metasploit Framework, can be detected. Comparison of this method with anti-virus products showed that this method prevented shellcode execution, whereas anti-virus products failed. Another test showed that the overhead of the method has little effect on the performance of computer operations

The content you want is available to Zendy users.

Already have an account? Click here to sign in.

Having issues? You can contact us here

Accelerating Research