IDS mailing list archives

Re: A Neural Network to detect polymorphic shellcodes

From: "Michael Vergoz" <mv () binarysec com>
Date: Fri, 18 Aug 2006 18:08:22 +0200

Hi,

The neural networks aren't very useful for the detection of polymorphicshellcode (especially).Indeed by having a good disassembly library it is possible to solve ashellcode (polymorphic or not) and thus to detect it.

----- Original Message -----From: "Stefano Zanero" <s.zanero () securenetwork it>To: <mimanium () hotmail com>; "Focus-Ids Mailing List"<focus-ids () securityfocus com>

Sent: Thursday, August 17, 2006 2:12 PM
Subject: Re: A Neural Network to detect polymorphic shellcodes

mimanium () hotmail com wrote:

Hello,
I am loking for project that implement Neural Networks and spectrumanalysis to detect polymorphic shellcodes such as those of ADMutate.


This seems like a bad case of "pushing a technique onto a problem" or
better "buzzword fascination problem".

Spectral analysis is useful on continuous variables. How would you
represent "a shellcode" as a continuous variable or multivariate series
of continuos variables ?

Neural networks themselves are more useful on metric variables than on
qualitative variables. And here again: on what metrics and features
would you train them ?

Stefano

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------


Michael Vergoz
BinarySEC R&D
mv () binarysec com
Try BinarySEC for Apache NOW !

Free download : http://www.binarysec.com


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?

Find out quickly and easily by testing itwith real-world attacks from CORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708to learn more.

------------------------------------------------------------------------

Current thread:

Re: A Neural Network to detect polymorphic shellcodes Stefano Zanero (Aug 17)
- Re: A Neural Network to detect polymorphic shellcodes Michael Vergoz (Aug 18)
- <Possible follow-ups>
- Re: A Neural Network to detect polymorphic shellcodes Jason Muskat, GCUX, VE3TSJ (Aug 24)