• DocumentCode
    2858006
  • Title

    A framework for detecting network-based code injection attacks targeting Windows and UNIX

  • Author

    Andersson, Stig ; Clark, Andrew ; Mohay, George ; Schatz, Bradley ; Zimmermann, Jacob

  • Author_Institution
    Inf. Security Inst., Queensland Univ. of Technol., Brisbane, Qld.
  • fYear
    2005
  • fDate
    5-9 Dec. 2005
  • Lastpage
    58
  • Abstract
    Code injection vulnerabilities continue to prevail. Attacks of this kind such as stack buffer overflows and heap buffer overflows account for roughly half of the vulnerabilities discovered in software every year. The research presented in this paper extends earlier work in the area of code injection attack detection in UNIX environments. It presents a framework for detecting new or previously unseen code injection attacks in a heterogeneous networking environment and compares code injection attack and detection strategies used in the UNIX and Windows environments. The approach presented is capable of detecting both obfuscated and clear text attacks, and is suitable for implementation in the Windows environment. A prototype intrusion detection system (IDS) capable of detecting code injection attacks, both clear text attacks and obfuscated attacks, which targets Windows systems is presented.
  • Keywords
    operating systems (computers); security of data; UNIX; Windows system; clear text attack; code injection vulnerability; heap buffer overflow; heterogeneous network; intrusion detection system; network code injection attack detection; obfuscated attack; software vulnerability; stack buffer overflow; Application software; Australia; Buffer overflow; Computer architecture; Information security; Intrusion detection; Jacobian matrices; Monitoring; Prototypes; Taxonomy;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Security Applications Conference, 21st Annual
  • Conference_Location
    Tucson, AZ
  • ISSN
    1063-9527
  • Print_ISBN
    0-7695-2461-3
  • Type

    conf

  • DOI
    10.1109/CSAC.2005.5
  • Filename
    1565234