DocumentCode
2984261
Title
A Metric for Identifying System Exploitation using Buffer Overflow
Author
Allgeier, Michelle ; Desoky, Ahmed
Author_Institution
Dept. of Comput. Eng. & Comput. Sci., Louisville Univ., KY
fYear
2006
fDate
Aug. 2006
Firstpage
474
Lastpage
477
Abstract
Buffer overflow attacks affect the workings of different processes within any computer. It is hypothesized that the number of processes running on the system will change when a buffer overflow has occurred. This hypothesis is tested by gathering data from a Red Hat Linux 9 system and a Windows XP system both before and after exploitation. By using statistical analysis, the data from both systems are compared. The results from the experiment support the hypothesis. On the Red Hat system, the number of processes running after exploitation increases. On the Windows system, the number of processes running decreases because explorer responds to the change by restarting itself. Thus, the results support the hypothesis that the number of processes running on a system changes after an exploit occurs. These results indicate that a program that monitors the number of processes running on the system and provides statistical feedback about that data will offer a warning if a system has been compromised.
Keywords
invasive software; operating systems (computers); statistical analysis; Red Hat Linux 9 system; Windows XP system; buffer overflow attacks; statistical analysis; statistical feedback; system exploitation; Buffer overflow; Computer languages; Computer science; Computer worms; Information technology; Internet; Operating systems; Programming profession; Signal processing; System testing;
fLanguage
English
Publisher
ieee
Conference_Titel
Signal Processing and Information Technology, 2006 IEEE International Symposium on
Conference_Location
Vancouver, BC
Print_ISBN
0-7803-9753-3
Electronic_ISBN
0-7803-9754-1
Type
conf
DOI
10.1109/ISSPIT.2006.270848
Filename
4042290