Skip to Main content Skip to Navigation
New interface
Conference papers

Decompression Quines and Anti-Viruses

Margaux Canet 1 Amrit Kumar 1, 2 Cédric Lauradoux 2 Mary-Andréa Rakotomanga 1 Reihaneh Safavi-Naini 3 
2 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services, Inria Lyon
Abstract : Data compression is ubiquitous to any information and communication system. It often reduces resources required to store and transmit data. However, the efficiency of compression algorithms also makes them an obvious target for hackers to mount denial-of-service attacks. In this work, we consider decompression quines, a specific class of compressed files that decompress to themselves. We analyze all the known decompression quines by studying their structures , and their impact on anti-viruses. Our analysis reveals that most of the anti-viruses do not have a suitable architecture in place to detect decompression quines. Even worse, some of them are vulnerable to denial-of-service attacks exploiting quines. Motivated by our findings, we study several quine detectors and propose a new one that exploits the fact that quines and non-quine files do not share the same underlying structure. Our evaluation against different datasets shows that the detector incurs no performance overhead at the expense of a low false positive rate.
Complete list of metadata
Contributor : Amrit Kumar Connect in order to contact the contributor
Submitted on : Friday, January 20, 2017 - 2:12:50 AM
Last modification on : Thursday, August 4, 2022 - 5:18:36 PM
Long-term archiving on: : Friday, April 21, 2017 - 12:58:18 PM


Files produced by the author(s)




Margaux Canet, Amrit Kumar, Cédric Lauradoux, Mary-Andréa Rakotomanga, Reihaneh Safavi-Naini. Decompression Quines and Anti-Viruses. CODASPY 2017 - 7th ACM Conference on Data and Application Security and Privacy, Mar 2017, Scottsdale, United States. ⟨10.1145/3029806.3029818⟩. ⟨hal-01589192v2⟩



Record views


Files downloads