Tales from the Crypt: fingerprinting attacks on encrypted channels by way of retainting

Authors: Michael Valkering, Asia Slowinska, Herbert Bos

DOI: 10.1007/978-0-387-85555-4_1

Abstract: Paradoxically, encryption makes it hard to detect, fingerprint and stop exploits. We describe Hassle, a honeypot capable of detecting and fingerprinting monomorphic and polymorphic attacks on encrypted channels. It uses dynamic taint analysis in an emulator to detect attacks, and tags each tainted byte in memory with a pointer to its origin in the corresponding network trace. Upon an attack, we correlate the blocks with the trace to generate various types of signature. As correlation with encrypted data is difficult, we retaint the data on encrypted connections, making the tags point to the decrypted data instead.
