计算机应用 (Journal of Computer Applications) ›› 2010, Vol. 30 ›› Issue (12): 3349-3353.

• Information Security •

A static method for detecting polymorphic overflow attack code

卢家兴 1, 郭帆 2, 余敏 1

  1.
  2. College of Computer and Information Engineering, Jiangxi Normal University, Nanchang, Jiangxi
  • Received: 2010-06-12 Revised: 2010-07-19 Online: 2010-12-22 Published: 2010-12-01
  • Corresponding author: 郭帆
  • Funding:
    973 Program preliminary research special project

Static detection of polymorphic attack codes


Abstract (translated from the Chinese): A method for statically detecting polymorphic overflow attack code is designed and implemented. First, the idea of abstract execution is applied to construct a control flow graph; then symbolic execution combined with taint analysis is used to detect the attack payload; finally, padding fields of a specified length are recognized to assist detection. Experimental results show that the method can accurately identify polymorphic overflow attack code in network data.

Keywords (translated from the Chinese): overflow attack code, polymorphism, abstract execution, symbolic execution, NOP instruction sequence

Abstract: A new approach based on static analysis was proposed to discover polymorphic attack code hidden in network data flows. The idea of abstract execution was first adopted to construct the control flow graph; then symbolic execution combined with taint analysis was used to detect the attack code; finally, a NOOP instruction sequence of predefined length was recognized to aid detection. The experimental results show that the approach is capable of correctly distinguishing attack code from regular network flows.

Key words: exploit code, polymorphic, abstract execution, symbolic execution, NOOP instruction sequence