Home > slashdot > English Shell Code Could Make Security Harder

English Shell Code Could Make Security Harder

November 23rd, 2009 11:33 admin

An anonymous reader writes to tell us that finding malicious code might have just become a little harder. Last week at the ACM Conference on Computer and Communications Security, security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus presented a method they developed to generate English shell code [PDF]. Using content from Wikipedia and other public works to train their engine, they convert arbitrary x86 shell code into sentences that read like spam, but are natively executable. “In this paper we revisit the assumption that shell code need be fundamentally different in structure than non-executable data. Specifically, we elucidate how one can use natural language generation techniques to produce shell code that is superficially similar to English prose. We argue that this new development poses significant challenges for in-line payload-based inspection (and emulation) as a defensive measure, and also highlights the need for designing more efficient techniques for preventing shell code injection attacks altogether.”

Related Articles:

  1. Testing Free English Anti-Malware On Non-English Threats
  2. Tips For Securing Your Secure Shell
  3. “Argonaut” Octopus Sucks Air Into Shell As Ballast
  4. Gaining a Remote Shell On Android
  5. English May Have Retained Words From an Ice Age Language
Comments are closed.