Social video annotation by combining features with a tri-adaptation approach
3
Citation
46
Reference
10
Related Paper
Citation Trend
Keywords:
Feature (linguistics)
The annual cost of Cybercrime to the global economy is estimated to be around $400 billion, in support of which Exploit Kits have been providing enabling technology since 2006. This paper reviews the recent developments in Exploit Kit capability and how these are being applied in practice. In doing so it paves the way for better understanding of the exploit kits economy that may better help in combatting them and considers industry's preparedness to respond.
Cybercrime
Cite
Citations (28)
Recently, more and more software vulnerabilities are disclosed and researchers tend to study on automatically discover and exploit the vulnerabilities. However, the main challenges of automated exploit generation are: 1) it is hard to analyze the program failure and extract useful information, 2) the scenario of the vulnerability too complex to successfully exploit. Therefore, This paper proposes a vulnerability exploit generation framework AEG-E. AEG-E can extract the control flow graph from the target program and employ the crash reproduce algorithm in symbolic execution to reduce the problem of path explosion. To adapt to complex vulnerability scenarios, we design the extendable and user-configurable exploit model to generate different exploit. Finally, we used the binaries from Robo Hacking Games and real world program to demonstrate the validity and efficiency of AEG-E. The experiment results shows that AEG-E is 2.913 times more efficient than previous exploit generation tool, REX.
Vulnerability
Control flow graph
Cite
Citations (3)
The remote exploit is a common way used by attackers to get control of hosts, and it is considered one of the major threats of cybersecurity. Nowadays, the increasing number of vulnerabilities and advanced exploit techniques makes it harder to deploy effective countermeasures. The current countermeasures suffer from one or more of these disadvantages: 1) ineffective, 2) high overhead, and 3) unpractical for deployment. Therefore, a new method, which overcomes these disadvantages, for exploit containment is in critical demand. In this paper, we propose Event-Based Filter (EBF), a light-weighted and novel way to contain the exploit. EBF promptly filters out the exploit and terminates it. We present PsEBF, as a prototypic implementation of EBF, to prove our concept. PsEBF can filter process events and contain the exploit rapidly. Experiment on exploit test and performance shows that PsEBF is effective, efficient, and practical for deployment
Cite
Citations (0)
Abstract : Host-based intrusion-prevention systems are recently popular technologies that protect computer systems from malicious attacks. Instead of merely detecting exploits, the systems attempt to prevent the exploits from succeeding on the host they protect. This research explores the threats that have led to the development of these systems and the techniques many use to counter those problems. The author then evaluates two current intrusion-prevention products (McAfee Entercept and the Cisco Security Agent) as to their success in preventing exploits. His tests used live viruses, worms, Trojan horses, and remote exploits that turned loose on an isolated two-computer network. The author then makes recommendations about deployment of the two products based on the results of this testing. Testing procedures for the remote exploit, e-mail exploit, disk exploit, and web phase exploit are appended.
Cite
Citations (1)
The automatic exploit generation challenge is given a program, automatically find vulnerabilities and generate exploits for them. In this paper we present AEG, the first end-to-end system for fully automatic exploit generation. We used AEG to analyze 14 open-source projects and successfully generated 16 control flow hijacking exploits. Two of the generated exploits (expect-5.43 and htget-0.93) are zero-day exploits against unknown vulnerabilities. Our contributions are: 1) we show how exploit generation for control flow hijack attacks can be modeled as a formal verification problem, 2) we propose preconditioned symbolic execution, a novel technique for targeting symbolic execution, 3) we present a general approach for generating working exploits once a bug is found, and 4) we build the first end-to-end system that automatically finds vulnerabilities and generates exploits that produce a shell.
Control flow
Cite
Citations (213)
Download
Cite
Citations (64)
The exploit machination is in backward status in tourism research usually. Based on many examples and studies in China, summarized two kinds of models on exploit machination such as single and all-round machination. Pointed out that there were four stages mainly such as choose market, enter market, enlarge market gradually and remain market stages; and by using the theme park probing the eight contents such as program background and exploit circumstance, market analysis and exploit features, products exploit machination, image design, economy investment and output, sales machination, continuous development and public-relation machination. At last, pointed out some tendencies on the theme park and the four principles during the machination.
Theme (computing)
Cite
Citations (0)
Cite
Citations (24)
The claims shall be supported by the description and shall state the extent of the patent protection asked for. The mode of carrying out the patent is a necessary part of the description of a patent. The exploit examples is a state to the mode of carrying out the patent. It is not a necessary part of description. If the technical features of claims which originates exploit examples is opened in the outline of the technical solution of description, it not supported by the description. It cannot be force protected. The written ruled of exploit examples is that the state of exploit examples is same to the outline of the technical solution, and must detailed interpreted the technical feature of the claims, so as to support the claims.
Feature (linguistics)
Mode (computer interface)
Cite
Citations (0)
Modern operating systems set exploit mitigations to thwart the exploit, which has also become a barrier to automated exploit generation (AEG). Many current AEG solutions do not fully account for exploit mitigations, and as a result, they are unable to accurately assess the exploitability of vulnerabilities in such settings.This paper proposes AEMB, an automated solution for bypassing exploit mitigations and generating useable exploits (EXPs). Initially, AEMB identifies exploit mitigations in the system based on characteristics of the program execution environment. Then, AEMB implements exploit mitigations bypassing the payload generation by modeling expert experience and constructs the corresponding constraints. Next, during the program’s execution, AEMB uses symbol execution to collect symbol information and create exploit constraints. Finally, AEMB utilizes a solver to solve the constraints, including payload constraints and exploit constraints, to generate the EXP. In this paper, we evaluated a prototype of AEMB on six test programs and seven real-world applications. Furthermore, we conducted 54 sets of experiments on six different combinations of exploit mitigations. Experiment results indicate that AEMB can automatically overcome exploit mitigations and produce successful exploits for 11 out of 13 applications.
Cite
Citations (4)