Scalable Network-Based Buffer Overflow Attack Detection

Abstract

Buffer overflow attack is the main attack method that most if not all existing malicious worms use to propagate themselves from machine to machine. Although a great deal of research has been invested in defense mechanisms against buffer overflow attack, most of them require modifications to the network applications and/or the platforms that host them. This paper presents a network-based buffer overflow attack detection system called Nebula, which can detect both known and zero-day buffer overflow attacks based solely on the packets observed without requiring any modifications to the end hosts. Moreover, instead of deriving a specific signature for each individual buffer overflow attack instance, Nebula uses a generalized signature that can capture all known variants of buffer overflow attacks while reducing the number of false positives to a negligible level. In addition, Nebula is built on a centralized TCP/IP architecture that effectively defeats all existing NIDS evasion techniques. Finally, Nebula incorporates a downloaded payload identification mechanism that reduces further the false positive rate and scales the proposed buffer overflow attack detection scheme to gigabit net-


Similar resources

Network-Based Buffer Overflow Detection by Exploit Code Analysis

Buffer overflow attacks continue to be a major security problem and detecting attacks of this nature is therefore crucial to network security. Signature based network based intrusion detection systems (NIDS) compare network traffic to signatures modelling suspicious or attack traffic to detect network attacks. Since detection is based on pattern matching, a signature modelling the attack must e...


Buffer Overflow Attack Blocking Using MCAIDS- Machine Code Analysis Intrusion Detection System

MCAIDS-Machine Code Analysis Intrusion Detection System for blocking code-injection buffer overflow attack messages targeting at various Internet services such as web service. With the increasing access of Internet, the Internet threat takes a form of attack, targeting individual users to gain control over network and data. Buffer overflow is one of the most occurring security vulnerability in c...


A Computation-Communication Sequencing Model for Intrusion Detection Systems

A Computation-Communication Sequencing model for network-based computer attacks is proposed. Simplicity of abstraction is achieved by concentrating exclusively on the computation and communication processes involved in an attack. This paper presents preliminary studies resulting from our approach. Applications to port scanning, SYN flood attack and buffer overflow attack are given. The proposed...


DIRA: Automatic Detection, Identification and Repair of Control-Hijacking Attacks

Buffer overflow attacks are known to be the most common type of attacks that allow attackers to hijack a remote system by sending a specially crafted packet to a vulnerable network application running on it. A comprehensive defense strategy against such attacks should include (1) an attack detection component that determines the fact that a program is compromised and prevents the attack from fu...


Intrusion Detection of NSM Based DoS Attacks Using Data Mining in Smart Grid

In this paper, we analyze the Network and System Management (NSM) requirements and NSM data objects for the intrusion detection of power systems; NSM is an IEC 62351-7 standard. We analyze a SYN flood attack and a buffer overflow attack to cause the Denial of Service (DoS) attack described in NSM. After mounting the attack in our attack testbed, we collect a data set, which is based on attribut...




Publication date: 2006