ISBN (print): 9781315265278; 9781138029873
Buffer overflows are a common type of network intrusion attack that continues to plague the networked community. This paper investigated the use of Random Forests, an ensemble technique that creates multiple decision trees and then votes for the best tree. The paper investigated Random Forests' effectiveness in detecting buffer overflows compared to other data mining methods such as CART and Naive Bayes. The experiment was able to show that Random Forests outperformed CART and Naive Bayes in classification performance.
ISBN (print): 9783031640636; 9783031640643
In the dynamic realm of cybersecurity, the perpetual struggle between security systems and malicious exploits persists. Among these threats, buffer overflow vulnerabilities remain a persistent challenge, continually adapting to evade modern mitigation techniques such as NX, RELRO, stack canaries and PIE. To confront these sophisticated threats, our research introduces PwnShield as an advanced program designed to detect and exploit buffer overflow vulnerabilities effectively and bypass modern mitigation methods. Leveraging the robust capabilities of Python's Pwntools and r2pipe libraries, PwnShield excels in exploitation by combining fuzzing and static binary analysis. Compared to existing tools like BofAEG and autoBOF, PwnShield demonstrates superior performance and showcases its ability to handle buffer overflow exploitation and bypass a comprehensive range of modern mitigation techniques. PwnShield represents a significant advancement in cybersecurity in an environment where detecting and exploiting buffer overflows presents formidable challenges. With limited research dedicated to addressing these complexities, we are pushing the boundaries of buffer overflow detection and exploitation automation, heralding a new era of progress in the field.
ISBN (print): 9780819495662
Buffer overflow attacks have been the most common form of network attack and have become a predominant problem in the system and network security area. Using specific programs, this paper describes in detail the types of buffer overflow attacks and their technical principles, so that we have a good understanding of them, and then gives several common preventive measures.
Illegal use of memory pointers is a serious security vulnerability. A large amount of malware exploits the spatial and temporal nature of these vulnerabilities to subvert execution or glean sensitive data from an application. Recent countermeasures attach metadata to memory pointers, which define the pointer's capabilities. The metadata is used by the hardware to validate pointer-based memory accesses. However, recent works have considerable overheads. Further, the pointer validation is decoupled from the actual memory access. We show that this could open up vulnerabilities in multithreaded applications and introduce new vulnerabilities due to speculation in out-of-order processors. In this article, we demonstrate that the overheads can be reduced considerably by efficient metadata management. We show that the hardware can be designed in a manner that would remain safe in multithreaded applications and immune to speculative vulnerabilities. We achieve these by ensuring that the pointer validations and the corresponding memory access are always done atomically and in order. To evaluate our scheme, which we call ALEXIA, we enhance an OpenRISC processor to perform the memory validation at runtime and also add compiler support. ALEXIA is the first hardware countermeasure scheme for memory protection that provides such an end-to-end solution. We evaluate the processor on an Altera FPGA and show that the runtime overhead, on average, is 14%, with negligible impact on the processor's size and clock frequency. There is also a negligible impact on the program's code and data sizes.
In this paper, we present a hardware/software co-attack to hijack a program flow on microcontrollers. The basic idea is to skip a few instructions using multiple fault injection in microcontrollers in cooperation with a software attack. We focus on buffer overflow (BOF) attacks together with such multiple fault injection. The proposed attack can be applied to program code with a typical software countermeasure against BOF attacks. The attack manipulates the program control flow by skipping specific instructions related to the countermeasure, and thus the subsequent BOF attack code is successfully executed on the microcontroller. We show the effectiveness of our proposed attack through experiments using an 8-bit AVR ATmega163 microcontroller and a 32-bit ARM Cortex-M0+ microcontroller, where the target software was equipped with a countermeasure limiting the size of user input against BOF attacks. The result showed that our attack can overwrite a return address stored in the stack and call an arbitrary malicious function. We also propose a software countermeasure against our attack and prove its validity by examining all the possible instruction skips.
ISBN (print): 9781799909599
Traditional Network Intrusion Detection Systems (NIDSs) rely on either specialized signatures of previously seen attacks, or on expensive and difficult-to-produce labeled traffic datasets for profiling and training. Both approaches share a common downside: they require the knowledge provided by an external agent, either in terms of signatures or as normal-operation profiles. In this paper we describe UNIDS, an Unsupervised NIDS capable of detecting 0-day attacks, i.e., network attacks for which no signature is yet available, without using any kind of signatures, labeled traffic, or training. UNIDS uses a novel unsupervised outlier detection approach based on Sub-Space Clustering and Multiple Evidence Accumulation techniques to pinpoint different kinds of network intrusions and attacks such as DoS/DDoS, probing attacks, propagation of worms, buffer overflows, illegal access to network resources, etc. In this paper we make the strong point that the de facto approach for NIDS, namely the application of rule-based detection techniques, can be highly harmful for the protected network in case of 0-day attacks. In contrast, we show how UNIDS can work as a complementary system to current NIDS to detect the occurrence of previously unseen attacks. To do so, we compare the performance of a standard rule-based NIDS against UNIDS in detecting 0-day attacks in the well-known KDD99 dataset. In addition, we also compare the performance of UNIDS against other popular unsupervised detection techniques in detecting attacks in traces collected at two operational networks.
We propose SigFree, an online signature-free out-of-the-box application-layer method for blocking code-injection buffer overflow attack messages targeting various Internet services such as web services. Motivated by the observation that buffer overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks by detecting the presence of code. Unlike previous code detection algorithms, SigFree uses a new data-flow analysis technique called code abstraction that is generic, fast, and hard for exploit code to evade. SigFree is signature free, thus it can block new and unknown buffer overflow attacks; SigFree is also immune to most attack-side code obfuscation methods. Since SigFree is a transparent deployment to the servers being protected, it is good for economical Internet-wide deployment with very low deployment and maintenance cost. We implemented and tested SigFree; our experimental study shows that the dependency-degree-based SigFree could block all types of code-injection attack packets (above 750) tested in our experiments with very few false positives. Moreover, SigFree causes very small extra latency to normal client requests when some requests contain exploit code.
Buffer overflow vulnerabilities are one of the most commonly and widely exploited security vulnerabilities in programs. Most existing solutions for avoiding buffer overflows are either inadequate, inefficient or incompatible with existing code. In this paper, we present a novel approach for transparent and efficient runtime protection against buffer overflows. The approach is implemented by two tools: Type Information Extractor and Depositor (TIED) and LibsafePlus. TIED is first used on a binary executable or shared library file to extract type information from the debugging information inserted in the file by the compiler and reinsert it in the file as a data structure available at runtime. LibsafePlus is a shared library that is preloaded when the program is run. LibsafePlus intercepts unsafe C library calls such as strcpy and uses the type information made available by TIED at runtime to determine whether it would be 'safe' to carry out the operation. With our simple design we are able to protect most applications with a performance overhead of less than 10%. Copyright (C) 2006 John Wiley & Sons, Ltd.