All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F14%3APU111909" target="_blank" >RIV/00216305:26230/14:PU111909 - isvavai.cz</a>

  • Result on the web

    <a href="http://www.fit.vutbr.cz/research/pubs/all.php?id=10600" target="_blank" >http://www.fit.vutbr.cz/research/pubs/all.php?id=10600</a>

  • DOI - Digital Object Identifier

Alternative languages

  • Result language

    angličtina

  • Original language name

    Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic

  • Original language description

    The purpose of this article is to describe characteristics of obfuscated network buffer overflow attacks in contrast with characteristics of directly simulated attacks. The obfuscation was performed by tunneling of malicious traffic in HTTP and HTTPS protocols. These protocols wrap a malicious communication between an attacker situated outside of an intranet and a callback located inside of an intranet. The detection analysis which we perform is based on features extraction from network packets dumps and it employs a behavioral and statistical analysis of communications' progress in time and packet index domain. There were performed experiments in four scenarios simulating traffic shaping, traffic policing and transmission on unreliable network channel to make properties of direct attacks and  obfuscated attacks as various as possible. Next part of this article is comparison of obfuscated and direct attacks classification by our previously designed ASNM network features with state-of-the-art features set of A. Moore, both representing statistical and behavioral based experimental academic kernels for NBA. Presented results show better classification accuracy of ASNM features in all kinds of experiments.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/ED1.1.00%2F02.0070" target="_blank" >ED1.1.00/02.0070: IT4Innovations Centre of Excellence</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Others

  • Publication year

    2014

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    International Carnahan Conference on Security Technology

  • ISBN

    978-1-4799-3531-4

  • ISSN

  • e-ISSN

  • Number of pages

    6

  • Pages from-to

    188-193

  • Publisher name

    IEEE Computer Society

  • Place of publication

    Rím

  • Event location

    Rím

  • Event date

    Oct 13, 2014

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

Similar results(10)

NBA of Obfuscated Network Vulnerabilities' Exploitation Hidden into HTTPS TrafficASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion DetectorsExploitation of NetEm Utility for Non-payload-based Obfuscation Techniques Improving Network Anomaly Detection