IDS mailing list archives

Re: A Neural Network to detect polymorphic shellcodes


From: Dragos Ruiu <dr () kyx net>
Date: Tue, 25 Jul 2006 16:39:52 -0700



I am looking for projects that implement Neural Networks and spectrum
analysis to detect polymorphic shellcodes such as those of ADMutate.

Please, if you have any links or if you ever worked on such projects, I need
your help!

I especially need to know what could be the inputs of the Neural Network and
how I can train it.

Well training it would require a plentiful supply of real world shellcodes,
and lots of mutated copies.

A simpler strategy is to look for distinguishing features of the mutator.
I wrote such a preprocessor to detect mutated NOP sleds for snort a 
while back. Search for "spp_fnord.c" in bugtraq archives and you 
should find it.

cheers,
--dr

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan    November 27-30 2006    http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp
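
One simple way to flag a mutated NOP sled, given here as an added example that is not part of the original message and is not the code from spp_fnord.c: scan a payload for the longest run of single-byte NOP-equivalent opcodes and alert above a threshold. The opcode subset, the `MIN_RUN` threshold and all function names are assumptions, and the sample buffer is constructed.

```c
#include <stdio.h>
#include <string.h>

enum { MIN_RUN = 32 };  /* assumed alert threshold, in bytes */
/* Illustrative subset of one-byte IA-32 sled opcodes (assumed, not spp_fnord's). */
static int is_nop_like(unsigned char b)
{
    static const unsigned char set[] = {
        0x90, 0x27, 0x2f, 0x37, 0x3f,   /* nop, daa, das, aaa, aas */
        0x98, 0x99, 0x9e, 0x9f,         /* cwde, cdq, sahf, lahf */
        0xf5, 0xf8, 0xf9, 0xfc          /* cmc, clc, stc, cld */
    };
    /* 0x40-0x4f are inc/dec r32 and also ASCII '@'..'O', hence the threshold. */
    return (b >= 0x40 && b <= 0x4f) || memchr(set, b, sizeof set) != NULL;
}

/* Longest run of NOP-like bytes in buf; *start receives its offset if non-NULL. */
size_t longest_sled(const unsigned char *buf, size_t len, size_t *start)
{
    size_t best = 0, run = 0, i;
    for (i = 0; i < len; i++) {
        run = is_nop_like(buf[i]) ? run + 1 : 0;
        if (run > best) {
            best = run;
            if (start) *start = i + 1 - run;
        }
    }
    return best;
}

/* Constructed sample: 7-byte request prefix, then 40 mixed NOP-like bytes. */
size_t build_sample(unsigned char *out)
{
    static const unsigned char mix[] = { 0x90, 0x41, 0xf8, 0x99, 0x4b };
    size_t n = 7, i;
    memcpy(out, "GET /a=", n);
    for (i = 0; i < 40; i++)
        out[n++] = mix[i % sizeof mix];
    return n;
}

int main(void)
{
    unsigned char pkt[64];
    size_t off = 0, n = build_sample(pkt);
    size_t run = longest_sled(pkt, n, &off);
    printf("run=%zu offset=%zu alert=%d\n", run, off, run >= MIN_RUN);
    return 0;
}
```

Because several of these opcodes are printable ASCII, ordinary uppercase text produces short matching runs, so the threshold has to be tuned against normal traffic.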
