All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”

Features for Behavioral Anomaly Detection of Connectionless Network Buffer Overflow Attacks

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F16%3APU123243" target="_blank" >RIV/00216305:26230/16:PU123243 - isvavai.cz</a>

  • Result on the web

    <a href="https://link.springer.com/chapter/10.1007%2F978-3-319-56549-1_6" target="_blank" >https://link.springer.com/chapter/10.1007%2F978-3-319-56549-1_6</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1007/978-3-319-56549-1_6" target="_blank" >10.1007/978-3-319-56549-1_6</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Features for Behavioral Anomaly Detection of Connectionless Network Buffer Overflow Attacks

  • Original language description

    Buffer overflow (BO) attacks are one of the most dangerous threads in the area of network security. Methods for detection of BO attacks basically use two approaches: signature matching against packets' payload versus analysis of packets' headers with the behavioral analysis of the connection's flow. The second approach is intended for detection of BO attacks regardless of packets' content which can be ciphered. In this paper, we propose a technique based on Network Behavioral Anomaly Detection (NBAD) aimed at connectionless network traffic. A similar approach has already been used in related works, but focused on connection-oriented traffic. All principles of connection-oriented NBAD cannot be applied in connectionless anomaly detection. There is designed a set of features describing the behavior of connectionless BO attacks and the tool implemented for their offline extraction from network traffic dumps. Next, we describe experiments performed in the virtual network environment utilizing SIP and TFTP network services exploitation and further data mining experiments employing supervised machine learning (ML) and Naive Bayes classifier. The exploitation of services is performed using network traffic modifications with intention to simulate real network conditions. The experimental results show the proposed approach is capable of distinguishing BO attacks from regular network traffic with high precision and class recall.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/LQ1602" target="_blank" >LQ1602: IT4Innovations excellence in science</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Others

  • Publication year

    2017

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Information Security Applications - 17th International Workshop, WISA 2016, Jeju Island, Korea, August 25-27, 2016, Revised Selected Papers

  • ISBN

    978-3-319-56549-1

  • ISSN

    0302-9743

  • e-ISSN

  • Number of pages

    13

  • Pages from-to

    66-78

  • Publisher name

    Springer International Publishing

  • Place of publication

    Jeju Island

  • Event location

    Jeju Island, South Korea

  • Event date

    Aug 25, 2016

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

    000426125100006