Detail publikace
Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic
HOMOLIAK, I. OVŠONKA, D. KORANDA, K. HANÁČEK, P.
Originální název
Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic
Anglický název
Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic
Jazyk
en
Originální abstrakt
The purpose of this article is to describe characteristics of obfuscated network buffer overflow attacks in contrast with characteristics of directly simulated attacks. The obfuscation was performed by tunneling of malicious traffic in HTTP and HTTPS protocols. These protocols wrap a malicious communication between an attacker situated outside of an intranet and a callback located inside of an intranet. The detection analysis which we perform is based on features extraction from network packets dumps and it employs a behavioral and statistical analysis of communications' progress in time and packet index domain. There were performed experiments in four scenarios simulating traffic shaping, traffic policing and transmission on unreliable network channel to make properties of direct attacks and obfuscated attacks as various as possible. Next part of this article is comparison of obfuscated and direct attacks classification by our previously designed ASNM network features with state-of-the-art features set of A. Moore, both representing statistical and behavioral based experimental academic kernels for NBA. Presented results show better classification accuracy of ASNM features in all kinds of experiments.
Anglický abstrakt
The purpose of this article is to describe characteristics of obfuscated network buffer overflow attacks in contrast with characteristics of directly simulated attacks. The obfuscation was performed by tunneling of malicious traffic in HTTP and HTTPS protocols. These protocols wrap a malicious communication between an attacker situated outside of an intranet and a callback located inside of an intranet. The detection analysis which we perform is based on features extraction from network packets dumps and it employs a behavioral and statistical analysis of communications' progress in time and packet index domain. There were performed experiments in four scenarios simulating traffic shaping, traffic policing and transmission on unreliable network channel to make properties of direct attacks and obfuscated attacks as various as possible. Next part of this article is comparison of obfuscated and direct attacks classification by our previously designed ASNM network features with state-of-the-art features set of A. Moore, both representing statistical and behavioral based experimental academic kernels for NBA. Presented results show better classification accuracy of ASNM features in all kinds of experiments.
Dokumenty
BibTex
@inproceedings{BUT111504,
author="Ivan {Homoliak} and Daniel {Ovšonka} and Karel {Koranda} and Petr {Hanáček}",
title="Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic",
annote="The purpose of this article is to describe characteristics of obfuscated network
buffer overflow attacks in contrast with characteristics of directly simulated
attacks. The obfuscation was performed by tunneling of malicious traffic in HTTP
and HTTPS protocols. These protocols wrap a malicious communication between an
attacker situated outside of an intranet and a callback located inside of an
intranet. The detection analysis which we perform is based on features extraction
from network packets dumps and it employs a behavioral and statistical analysis
of communications' progress in time and packet index domain. There were performed
experiments in four scenarios simulating traffic shaping, traffic policing and
transmission on unreliable network channel to make properties of direct attacks
and obfuscated attacks as various as possible. Next part of this article is
comparison of obfuscated and direct attacks classification by our previously
designed ASNM network features with state-of-the-art features set of A. Moore,
both representing statistical and behavioral based experimental academic kernels
for NBA. Presented results show better classification accuracy of ASNM features
in all kinds of experiments.",
address="IEEE Computer Society",
booktitle="International Carnahan Conference on Security Technology",
chapter="111504",
doi="10.13140/2.1.4945.1527",
edition="48th Annual International Carnahan Conference on Security Technology",
howpublished="print",
institution="IEEE Computer Society",
year="2014",
month="october",
pages="188--193",
publisher="IEEE Computer Society",
type="conference paper"
}