Title :
Short Paper: bufSTAT - a tool for early detection and classification of buffer overflow attacks
Author :
Radosavac, Svetlana ; Seamon, Karl ; Baras, John S.
Author_Institution :
University of Maryland
Abstract :
Buffer overflows constitute by far the most frequently encountered class of attacks against computer systems. In this paper we introduce a tool, termed bufSTAT that achieves a low probability of false alarm and issues early attack warnings. BufSTAT relies on Finite State Machines (FSM) for attack modeling and can detect every stage of an ongoing attack and can thus prevent its execution by issuing early warning in a progressive manner. It can also detect sophisticated multi-stage attacks that are executed over long periods of time. A significant attribute of our approach is that it is amenable to detecting unknown attacks as well after appropriate modification of bufSTAT.
Keywords :
Automata; Buffer overflow; Computer networks; Computer security; Delay; Educational institutions; Event detection; Hidden Markov models; Intrusion detection; Time factors;
Conference_Titel :
Security and Privacy for Emerging Areas in Communications Networks, 2005. SecureComm 2005. First International Conference on
Print_ISBN :
0-7695-2369-2
DOI :
10.1109/SECURECOMM.2005.38
