Publication Details

Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic

HOMOLIAK Ivan, OVŠONKA Daniel, KORANDA Karel and HANÁČEK Petr. Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic. In: International Carnahan Conference on Security Technology. 48th Annual International Carnahan Conference on Security Technology. Řím: IEEE Computer Society, 2014, pp. 188-193. ISBN 978-1-4799-3531-4.
Czech title
Charakteristiky buffer overflow útoků tunelovaných v HTTP provozu
Type
conference paper
Language
english
Authors
Homoliak Ivan, Ing., Ph.D. (DITS FIT BUT)
Ovšonka Daniel, Ing. (DITS FIT BUT)
Koranda Karel, Ing. (DITS FIT BUT)
Hanáček Petr, doc. Dr. Ing. (DITS FIT BUT)
Keywords

protocol tunneling, network vulnerabilities, buffer overflow, obfuscation, NBA, AIPS, ASNM

Abstract

The purpose of this article is to describe characteristics of obfuscated network buffer overflow attacks in contrast with characteristics of directly simulated attacks. The obfuscation was performed by tunneling of malicious traffic in HTTP and HTTPS protocols. These protocols wrap a malicious communication between an attacker situated outside of an intranet and a callback located inside of an intranet. The detection analysis which we perform is based on features extraction from network packets dumps and it employs a behavioral and statistical analysis of communications' progress in time and packet index domain. There were performed experiments in four scenarios simulating traffic shaping, traffic policing and transmission on unreliable network channel to make properties of direct attacks and  obfuscated attacks as various as possible. Next part of this article is comparison of obfuscated and direct attacks classification by our previously designed ASNM network features with state-of-the-art features set of A. Moore, both representing statistical and behavioral based experimental academic kernels for NBA. Presented results show better classification accuracy of ASNM features in all kinds of experiments.

Published
2014
Pages
188-193
Proceedings
International Carnahan Conference on Security Technology
Series
48th Annual International Carnahan Conference on Security Technology
Conference
48th INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY 2014, Rím, IT
ISBN
978-1-4799-3531-4
Publisher
IEEE Computer Society
Place
Řím, IT
DOI
UT WoS
000369865000032
EID Scopus
BibTeX
@INPROCEEDINGS{FITPUB10600,
   author = "Ivan Homoliak and Daniel Ov\v{s}onka and Karel Koranda and Petr Han\'{a}\v{c}ek",
   title = "Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic",
   pages = "188--193",
   booktitle = "International Carnahan Conference on Security Technology",
   series = "48th Annual International Carnahan Conference on Security Technology",
   year = 2014,
   location = "\v{R}\'{i}m, IT",
   publisher = "IEEE Computer Society",
   ISBN = "978-1-4799-3531-4",
   doi = "10.13140/2.1.4945.1527",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/10600"
}
Files
Back to top