Different from recent probabilistic packet marking (PPM) methods, Dynamic PPM may solve many problems of traditional methods, such as loss of marking information, hard to reconstruct attack path, low accuracy, and so on. A novel DPPM approach is proposed and the network simulation software (NS2) is used to verify the performance and efficiency of the approach by constructing simulation DOS environments. In comparison with PPM methods, simulation results show that DPPM is much better.

Remote exploit attacks are the most serious threats in network security area. Polymorphism is a kind of code-modifying technique used to evade detection. A novel approach using static analysis methods is proposed to discover the polymorphic exploit codes hiding in network data flows. The idea of abstract execution is firstly adopted to construct control flow graph, then both symbolic execution and taint analysis are used to detect exploit payloads, at last predefined length of NOOP instruction sequence is recognized to help detection. Experimental results show that the approach is capable of correctly distinguishing the exploit codes from regular network flows.