Scalable network-based buffer overflow attack detection

Fu Hau Hsu, Fanglu Guo, Tzi Cker Chiueh

Research output: Chapter in book/report/conference proceeding; conference contribution; peer-reviewed

13 Citations (Scopus)

Abstract

Buffer overflow attack is the main attack method that most if not all existing malicious worms use to propagate themselves from machine to machine. Although a great deal of research has been invested in defense mechanisms against buffer overflow attack, most of them require modifications to the network applications and/or the platforms that host them. Being an extension work of CTCP, this paper presents a network-based low performance overhead buffer overflow attack detection system called Nebula (NEtwork-based BUffer overfLow Attack detection), which can detect both known and zero-day buffer overflow attacks based solely on the packets observed without requiring any modifications to the end hosts. Moreover, instead of deriving a specific signature for each individual buffer overflow attack instance, Nebula uses a generalized signature that can capture all known variants of buffer overflow attacks while reducing the number of false positives to a negligible level. In addition, Nebula is built on a centralized TCP/IP architecture that effectively defeats all existing NIDS evasion techniques. Finally, Nebula incorporates a payload type identification mechanism that reduces further the false positive rate and scales the proposed buffer overflow attack detection scheme to gigabit network links.

Original language: English
Title of host publication: ANCS 2006 - Proceedings of the 2006 ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Pages: 163-171
Number of pages: 9
Publication status: Published - 2006
Event: 2nd ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2006 - San Jose, CA, United States
Duration: 3 Dec 2006 to 5 Dec 2006

Publication series

Name: ANCS 2006 - Proceedings of the 2006 ACM/IEEE Symposium on Architectures for Networking and Communications Systems

Conference

Conference: 2nd ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2006
Country/Territory: United States
City: San Jose, CA
Period: 3/12/06 to 5/12/06
