Detail výsledku

Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic

HOMOLIAK, I.; OVŠONKA, D.; KORANDA, K.; HANÁČEK, P. Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic. In International Carnahan Conference on Security Technology. 48th Annual International Carnahan Conference on Security Technology. Řím: IEEE Computer Society, 2014. p. 188-193. ISBN: 978-1-4799-3531-4.

Typ

článek ve sborníku konference

Jazyk

anglicky

Autoři

Homoliak Ivan, doc. Ing., Ph.D., UITS (FIT)
Ovšonka Daniel, Ing., UITS (FIT)
Koranda Karel, Ing., RE-KAS (RE), UITS (FIT)
Hanáček Petr, doc. Dr. Ing., UITS (FIT)

Abstrakt

The purpose of this article is to describe characteristics of obfuscated network buffer overflow attacks in contrast with characteristics of directly simulated attacks. The obfuscation was performed by tunneling of malicious traffic in HTTP and HTTPS protocols. These protocols wrap a malicious communication between an attacker situated outside of an intranet and a callback located inside of an intranet. The detection analysis which we perform is based on features extraction from network packets dumps and it employs a behavioral and statistical analysis of communications' progress in time and packet index domain. There were performed experiments in four scenarios simulating traffic shaping, traffic policing and transmission on unreliable network channel to make properties of direct attacks and obfuscated attacks as various as possible. Next part of this article is comparison of obfuscated and direct attacks classification by our previously designed ASNM network features with state-of-the-art features set of A. Moore, both representing statistical and behavioral based experimental academic kernels for NBA. Presented results show better classification accuracy of ASNM features in all kinds of experiments.

Klíčová slova

protocol tunneling, network vulnerabilities, buffer overflow, obfuscation, NBA, AIPS, ASNM

Rok

2014

Strany

188–193

Sborník

International Carnahan Conference on Security Technology

Řada

48th Annual International Carnahan Conference on Security Technology

Konference

48th INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY 2014

ISBN

978-1-4799-3531-4

Vydavatel

IEEE Computer Society

Místo

Řím

DOI

10.13140/2.1.4945.1527

UT WoS

000369865000032

EID Scopus

2-s2.0-84931047740

BibTeX

@inproceedings{BUT111504,
  author="Ivan {Homoliak} and Daniel {Ovšonka} and Karel {Koranda} and Petr {Hanáček}",
  title="Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic",
  booktitle="International Carnahan Conference on Security Technology",
  year="2014",
  series="48th Annual International Carnahan Conference on Security Technology",
  pages="188--193",
  publisher="IEEE Computer Society",
  address="Řím",
  doi="10.13140/2.1.4945.1527",
  isbn="978-1-4799-3531-4",
  url="https://www.fit.vut.cz/research/publication/10600/"
}

Soubory

pdf iccst20140_submission_108.pdf 276 kB

Projekty

Centrum excelence IT4Innovations, MŠMT, Operační program Výzkum a vývoj pro inovace, ED1.1.00/02.0070, zahájení: 2011-01-01, ukončení: 2015-12-31, ukončen
Spolehlivost a bezpečnost v IT, VUT, Vnitřní projekty VUT, FIT-S-14-2486, zahájení: 2014-01-01, ukončení: 2016-12-31, ukončen
Verifikace a optimalizace počítačových systémů, VUT, Vnitřní projekty VUT, FIT-S-12-1, zahájení: 2012-01-01, ukončení: 2014-12-31, ukončen

Výzkumné skupiny

Výzkumná skupina bezpečnosti informačních technologií (VZ Security@FIT)

Pracoviště

Ústav inteligentních systémů (UITS)