Network-Based Buffer Overflow Detection by Exploit Code Analysis

Authors: George Mohay, Andrew Clark, Stig Andersson

Abstract: Buffer overflow attacks continue to be a major security problem, and detecting attacks of this nature is therefore crucial to network security. Signature-based network intrusion detection systems (NIDS) compare traffic against signatures modelling suspicious or attack activity in order to detect attacks. Since such systems rely on pattern matching, a signature for the attack must exist for the NIDS to detect it, so it is only capable of detecting known attacks. This paper proposes a method for detecting buffer overflow attacks by parsing the payload of network packets in search of shellcode, which is the remotely executable component of the attack. By analysing the shellcode it is possible to determine which system calls the exploit uses, and hence the operation of the exploit. Current NIDS-based techniques mainly rely upon a specific signature for each new attack. Our approach is able to detect previously unseen attacks, in addition to existing ones, without the need for a new signature for each attack. The method has been implemented and tested on Linux on the Intel x86 architecture using the Snort NIDS.
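To make the abstract's idea concrete, here is an added, illustrative analyser that is not the authors' Snort implementation: it scans a payload for Linux/x86 `int 0x80` instructions and recovers the system call number from the instruction that last loaded EAX, so a defender can see what a suspected shellcode would do. The loader patterns, the look-back window and the constructed sample payloads are my assumptions, not taken from the paper.

```python
import re

# Subset of the Linux/x86 (i386) system call table (well-known kernel numbers).
SYSCALL_NAMES = {1: "exit", 11: "execve", 23: "setuid", 46: "setgid",
                 63: "dup2", 102: "socketcall"}

# Common ways shellcode loads the syscall number into EAX/AL before int 0x80.
# Each regex captures the immediate operand; this is a heuristic, not a disassembler.
EAX_LOADERS = [
    (re.compile(rb"\xb8(.{4})", re.DOTALL), "le32"),   # mov eax, imm32
    (re.compile(rb"\xb0(.)", re.DOTALL), "u8"),        # mov al, imm8
    (re.compile(rb"\x6a(.)\x58", re.DOTALL), "u8"),    # push imm8; pop eax
]
INT80 = re.compile(rb"\xcd\x80")  # int 0x80: Linux/x86 system call gate

def recover_syscalls(payload: bytes, window: int = 16):
    """Return [(offset_of_int80, syscall_number, name)] for each int 0x80 found.

    For every int 0x80 the bytes just before it (at most `window` bytes) are
    searched for an EAX loader; the loader closest to the int 0x80 wins.
    """
    found = []
    for m in INT80.finditer(payload):
        region = payload[max(0, m.start() - window):m.start()]
        best = None  # (end offset within region, syscall number)
        for pat, kind in EAX_LOADERS:
            for lm in pat.finditer(region):
                raw = lm.group(1)
                num = int.from_bytes(raw, "little") if kind == "le32" else raw[0]
                if best is None or lm.end() > best[0]:
                    best = (lm.end(), num)
        if best is not None:
            found.append((m.start(), best[1], SYSCALL_NAMES.get(best[1], "unknown")))
    return found

def flag_payload(payload: bytes) -> bool:
    """True when a recovered syscall is one typical of remote exploits."""
    suspicious = {"execve", "setuid", "socketcall"}
    return any(name in suspicious for _, _, name in recover_syscalls(payload))

# Constructed sample inputs (not real captures): a setuid-then-execve instruction
# pattern without any argument setup, and an ordinary HTTP request.
SAMPLE_SHELLCODE_LIKE = b"\x31\xc0\xb0\x17\xcd\x80\x31\xc0\xb0\x0b\xcd\x80"
SAMPLE_BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"
```

Because the detection keys on instruction semantics rather than a byte signature for one exploit, the same code also reports a previously unseen payload that uses a different loader, which is the point the abstract makes.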
