Decompression Quines and Anti-Viruses

Abstract : Data compression is ubiquitous in any information and communication system. It often reduces the resources required to store and transmit data. However, the efficiency of compression algorithms also makes them an obvious target for hackers to mount denial-of-service attacks. In this work, we consider decompression quines, a specific class of compressed files that decompress to themselves. We analyze all the known decompression quines by studying their structures, and their impact on anti-viruses. Our analysis reveals that most of the anti-viruses do not have a suitable architecture in place to detect decompression quines. Even worse, some of them are vulnerable to denial-of-service attacks exploiting quines. Motivated by our findings, we study several quine detectors and propose a new one that exploits the fact that quines and non-quine files do not share the same underlying structure. Our evaluation against different datasets shows that the detector incurs no performance overhead at the expense of a low false positive rate.

https://hal.inria.fr/hal-01589192
Contributor : Amrit Kumar
Submitted on : Friday, January 20, 2017 - 2:12:50 AM
Last modification on : Friday, June 21, 2019 - 9:54:31 AM
Long-term archiving on : Friday, April 21, 2017 - 12:58:18 PM

File

quine.pdf
Files produced by the author(s)

Citation

Margaux Canet, Amrit Kumar, Cédric Lauradoux, Mary-Andréa Rakotomanga, Reihaneh Safavi-Naini. Decompression Quines and Anti-Viruses. CODASPY 2017 - 7th ACM Conference on Data and Application Security and Privacy, Mar 2017, Scottsdale, United States. ⟨10.1145/3029806.3029818⟩. ⟨hal-01589192v2⟩
