Evolving Buffer Overflow Attacks with Detector Feedback

نویسندگان

  • Hilmi Günes Kayacik
  • Malcolm I. Heywood
  • A. Nur Zincir-Heywood
چکیده

A mimicry attack is an exploit in which basic behavioral objectives of a minimalist ’core’ attack are used to design multiple attacks achieving the same objective from the same application. Research in mimicry attacks is valuable in determining and eliminating detector weaknesses. In this work, we provide a process for evolving all components of a mimicry attack relative to the Stide (anomaly) detector under a Traceroute exploit. To do so, feedback from the detector is directly incorporated into the fitness function, thus guiding evolution towards potential blind spots in the detector. Results indicate that we are able to evolve mimicry attacks that reduce the detector anomaly rate from ~67% of the original core exploit, to less than 3%, effectively making the attack indistinguishable from normal behaviors.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Evolving Buffer Overflow Attacks with Detector Feedback

A mimicry attack is an exploit in which basic behavioral objectives of a minimalist ’core’ attack are used to design multiple attacks achieving the same objective from the same application. Research in mimicry attacks is valuable in determining and eliminating detector weaknesses. In this work, we provide a process for evolving all components of a mimicry attack relative to the Stide (anomaly) ...

متن کامل

A Practical Dynamic Buffer Overflow Detector

Despite previous efforts in auditing software manually and automatically, buffer overruns are still being discovered in programs in use. A dynamic bounds checker detects buffer overruns in erroneous software before it occurs and thereby prevents attacks from corrupting the integrity of the system. Dynamic buffer overrun detectors have not been adopted widely because they either (1) cannot guard...

متن کامل

Defending Embedded Systems Against Buffer Overflow via Hardware/Software

Buffer overflow attacks have been causing serious security problems for decades. With more embedded systems networked, it becomes an important research problem to defend embedded systems against buffer overflow attacks. In this paper, we propose the Hardware/Software Address Protection (HSAP) technique to solve this problem. We first classify buffer overflow attacks into two categories (stack s...

متن کامل

StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks

This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vuln...

متن کامل

Libsafe: Transparent System-wide Protection Against Buffer Overflow Attacks

Libsafe is a practical solution that protects against the most common forms of buffer overflow attacks. Such attacks often result in granting the attacker full privileges on the target system. Libsafe is implemented as a shared library that intercepts calls to vulnerable standard library functions. Based on an inspection of the process stack and the function arguments, Libsafe ensures that no r...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2007