Title :
A Metric for Identifying System Exploitation using Buffer Overflow
Author :
Allgeier, Michelle ; Desoky, Ahmed
Author_Institution :
Dept. of Comput. Eng. & Comput. Sci., Louisville Univ., KY
Abstract :
Buffer overflow attacks affect the workings of different processes within any computer. It is hypothesized that the number of processes running on the system will change when a buffer overflow has occurred. This hypothesis is tested by gathering data from a Red Hat Linux 9 system and a Windows XP system both before and after exploitation. By using statistical analysis, the data from both systems are compared. The results from the experiment support the hypothesis. On the Red Hat system, the number of processes running after exploitation increases. On the Windows system, the number of processes running decreases due to the fact that explorer responds to the change by restarting itself. Thus, the results support the hypothesis that the number of processes running on a system changes after an exploit occurs. These results indicate that a program that monitors the number of processes running on the system and provides statistical feedback about that data will offer a warning if a system has been compromised.
Keywords :
invasive software; operating systems (computers); statistical analysis; Red Hat Linux 9 system; Windows XP system; buffer overflow attacks; statistical feedback; system exploitation; Buffer overflow; Computer languages; Computer science; Computer worms; Information technology; Internet; Operating systems; Programming profession; Signal processing; System testing
Conference_Title :
Signal Processing and Information Technology, 2006 IEEE International Symposium on
Conference_Location :
Vancouver, BC
Print_ISBN :
0-7803-9753-3
Electronic_ISBN :
0-7803-9754-1
DOI :
10.1109/ISSPIT.2006.270848