Decompression Quines and Anti-Viruses

Abstract : Data compression is ubiquitous to any information and communication system. It often reduces resources required to store and transmit data. However, the efficiency of compression algorithms also makes them an obvious target for hackers to mount denial-of-service attacks. In this work, we consider decompression quines, a specific class of compressed files that decompress to themselves. We analyze all the known decompression quines by studying their structures , and their impact on anti-viruses. Our analysis reveals that most of the anti-viruses do not have a suitable architecture in place to detect decompression quines. Even worse, some of them are vulnerable to denial-of-service attacks exploiting quines. Motivated by our findings, we study several quine detectors and propose a new one that exploits the fact that quines and non-quine files do not share the same underlying structure. Our evaluation against different datasets shows that the detector incurs no performance overhead at the expense of a low false positive rate.
Type de document :
Communication dans un congrès
CODASPY 2017 - 7th ACM Conference on Data and Application Security and Privacy, Mar 2017, Scottsdale, United States. Proceedings of the 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017, Scottsdale, Arizona, USA, March 22-24, 2017. ACM 2017, ISBN 978-1-4503-4523-1/17/03, <http://www.codaspy.org/>. <10.1145/3029806.3029818>
Liste complète des métadonnées

https://hal.inria.fr/hal-01436200
Contributeur : Amrit Kumar <>
Soumis le : vendredi 20 janvier 2017 - 02:12:50
Dernière modification le : jeudi 15 juin 2017 - 09:08:44
Document(s) archivé(s) le : vendredi 21 avril 2017 - 12:58:18

Fichier

quine.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Margaux Canet, Amrit Kumar, Cédric Lauradoux, Mary-Andréa Rakotomanga, Reihaneh Safavi-Naini. Decompression Quines and Anti-Viruses. CODASPY 2017 - 7th ACM Conference on Data and Application Security and Privacy, Mar 2017, Scottsdale, United States. Proceedings of the 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017, Scottsdale, Arizona, USA, March 22-24, 2017. ACM 2017, ISBN 978-1-4503-4523-1/17/03, <http://www.codaspy.org/>. <10.1145/3029806.3029818>. <hal-01436200>

Partager

Métriques

Consultations de
la notice

343

Téléchargements du document

163