Conference paper

HOMOLIAK Ivan, OVŠONKA Daniel, KORANDA Karel and HANÁČEK Petr. Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic. In: International Carnahan Conference on Security Technology. Rím: IEEE Computer Society, 2014, pp. 188-193. ISBN 978-1-4799-3531-4.
Publication language:english
Original title:Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic
Title (cs):Charakteristiky buffer overflow útoků tunelovaných v HTTP provozu
Pages:188-193
Proceedings:International Carnahan Conference on Security Technology
Conference:48th INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY 2014
Series:48th Annual International Carnahan Conference on Security Technology
Place:Rím, IT
Year:2014
ISBN:978-1-4799-3531-4
Publisher:IEEE Computer Society
Files: 
+Type Name Title Size Last modified
iconiccst20140_submission_108.pdf276 KB2014-07-10 12:33:53
^ Select all
With selected:
Keywords
protocol tunneling, network vulnerabilities, buffer overflow, obfuscation, NBA, AIPS, ASNM
Annotation
The purpose of this article is to describe characteristics of obfuscated network buffer overflow attacks in contrast with characteristics of directly simulated attacks. The obfuscation was performed by tunneling of malicious traffic in HTTP and HTTPS protocols. These protocols wrap a malicious communication between an attacker situated outside of an intranet and a callback located inside of an intranet. The detection analysis which we perform is based on features extraction from network packets dumps and it employs a behavioral and statistical analysis of communications' progress in time and packet index domain. There were performed experiments in four scenarios simulating traffic shaping, traffic policing and transmission on unreliable network channel to make properties of direct attacks and  obfuscated attacks as various as possible. Next part of this article is comparison of obfuscated and direct attacks classification by our previously designed ASNM network features with state-of-the-art features set of A. Moore, both representing statistical and behavioral based experimental academic kernels for NBA. Presented results show better classification accuracy of ASNM features in all kinds of experiments.
BibTeX:
@INPROCEEDINGS{
   author = {Ivan Homoliak and Daniel Ov{\v{s}}onka and Karel Koranda and
	Petr Han{\'{a}}{\v{c}}ek},
   title = {Characteristics of Buffer Overflow Attacks Tunneled in HTTP
	Traffic},
   pages = {188--193},
   booktitle = {International Carnahan Conference on Security Technology},
   series = {48th Annual International Carnahan Conference on Security
	Technology},
   year = {2014},
   location = {R{\'{i}}m, IT},
   publisher = {IEEE Computer Society},
   ISBN = {978-1-4799-3531-4},
   language = {english},
   url = {http://www.fit.vutbr.cz/research/view_pub.php.en.iso-8859-2?id=10600}
}

Your IPv4 address: 54.227.127.109
Switch to IPv6 connection

DNSSEC [dnssec]