Publication Details

Buffer Overflow Attacks Data Acquisition

DROZD Michal, BARABAS Maroš, GRÉGR Matěj and CHMELAŘ Petr. Buffer Overflow Attacks Data Acquisition. In: Proceedings of the 6th IEEE International Conference on IDAACS 2011. Volume 2. Praha: Institute of Electrical and Electronics Engineers, 2011, pp. 775-779. ISBN 978-1-4577-1423-8.
Czech title
Získavání dat o buffer overflow útocích
Type
conference paper
Language
English
Authors
Drozd Michal, Ing. (DITS FIT BUT)
Barabas Maroš, Ing., Ph.D. (DITS FIT BUT)
Grégr Matěj, Ing., Ph.D. (DIFS FIT BUT)
Chmelař Petr, Ing. (DIFS FIT BUT)
Keywords

malware, buffer overflow, network monitoring, honeypot, data acquisition, statistics

Abstract

This article describes the acquisition of data from buffer overflow attacks from a university campus and an enterprise network. It provides an overview of the design of a system for gathering data, learning and detection of zero-day malware using the shadow honeypot Argos and the low-interaction honeypot HoneyD.

Annotation

In this article, we investigate the network traffic that may cause the unauthorized control of a computer in the campus network using buffer overflow attacks, the objective of which is to gain control of privileged programs and computers. We provide statistics of the network traffic in a campus and an enterprise network together with probabilities of a buffer overflow attack to provide attackers the most vulnerable services using the low-interaction honeypot HoneyD together with the highly interactive shadow honeypot Argos, which were used to detect attacks and describe their detection profiles. In this manner, we can collect data to be used for training classifiers to predict and detect even zero-day vulnerabilities and malware. Our intention is to acquire a dataset that can identify serious security threats in much greater detail, compared to the 1999 KDD Cup dataset.

Published
2011
Pages
775-779
Proceedings
Proceedings of the 6th IEEE International Conference on IDAACS 2011
Series
Volume 2
Conference
Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, Praha, CZ
ISBN
978-1-4577-1423-8
Publisher
Institute of Electrical and Electronics Engineers
Place
Praha, CZ
BibTeX
@INPROCEEDINGS{FITPUB9700,
   author = "Michal Drozd and Maro\v{s} Barabas and Mat\v{e}j Gr\'{e}gr and Petr Chmela\v{r}",
   title = "Buffer Overflow Attacks Data Acquisition",
   pages = "775--779",
   booktitle = "Proceedings of the 6th IEEE International Conference on IDAACS 2011",
   series = "Volume 2",
   year = 2011,
   location = "Praha, CZ",
   publisher = "Institute of Electrical and Electronics Engineers",
   ISBN = "978-1-4577-1423-8",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/9700"
}