Decompression Quines and Anti-Viruses - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2017

Decompression Quines and Anti-Viruses

Résumé

Data compression is ubiquitous to any information and communication system. It often reduces resources required to store and transmit data. However, the efficiency of compression algorithms also makes them an obvious target for hackers to mount denial-of-service attacks. In this work, we consider decompression quines, a specific class of compressed files that decompress to themselves. We analyze all the known decompression quines by studying their structures , and their impact on anti-viruses. Our analysis reveals that most of the anti-viruses do not have a suitable architecture in place to detect decompression quines. Even worse, some of them are vulnerable to denial-of-service attacks exploiting quines. Motivated by our findings, we study several quine detectors and propose a new one that exploits the fact that quines and non-quine files do not share the same underlying structure. Our evaluation against different datasets shows that the detector incurs no performance overhead at the expense of a low false positive rate.
Fichier principal
Vignette du fichier
quine.pdf (597.77 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-01589192 , version 2 (20-01-2017)
hal-01589192 , version 1 (18-09-2017)

Identifiants

Citer

Margaux Canet, Amrit Kumar, Cédric Lauradoux, Mary-Andréa Rakotomanga, Reihaneh Safavi-Naini. Decompression Quines and Anti-Viruses. CODASPY 2017 - 7th ACM Conference on Data and Application Security and Privacy, Mar 2017, Scottsdale, United States. ⟨10.1145/3029806.3029818⟩. ⟨hal-01589192v2⟩
563 Consultations
1110 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More