DocumentCode :
2268273
Title :
Buffer overflow attacks data acquisition
Author :
Drozd, Michal ; Barabas, Maros ; Gregr, Matej ; Chmelar, Petr
Author_Institution :
FIT, Brno Univ. of Technol., Brno, Czech Republic
Volume :
2
fYear :
2011
fDate :
15-17 Sept. 2011
Firstpage :
775
Lastpage :
779
Abstract :
In this abstract, we investigate the network traffic that may cause the unauthorized control of a computer in the campus network using buffer overflow attacks, the objective of which is to gain control of privileged programs and computers. We provide statistics of the network traffic in a campus and an enterprise network together with probabilities of a buffer overflow attack to provide attackers the most vulnerable services using the low-interaction honeypot HoneyD together with a highly interactive shadow honeypot Argos that were used to detect attacks and describe their detection profiles. In this manner, we can collect data to be used for training classifiers to predict and detect even zero-day vulnerabilities and malware. Our intention is to acquire a dataset that can identify serious security threats in much greater detail, compared to the 1999 KDD Cup dataset.
Keywords :
authorisation; computer network security; data acquisition; data mining; interactive systems; invasive software; pattern classification; statistical analysis; telecommunication traffic; 1999 KDD Cup dataset; Argos; buffer overflow attacks data acquisition; campus network; classifiers training; detection profiles; enterprise network; interactive shadow honeypot; low interaction honeypot HoneyD; malware; network traffic; privileged programs; security threats; statistics; unauthorized control; vulnerable services; zero day vulnerability; Malware; buffer overflow; data acquisition; honeypot; network monitoring; statistics;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2011 IEEE 6th International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4577-1426-9
Type :
conf
DOI :
10.1109/IDAACS.2011.6072875
Filename :
6072875