Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F14%3APU111909" target="_blank" >RIV/00216305:26230/14:PU111909 - isvavai.cz</a>
Výsledek na webu
<a href="http://www.fit.vutbr.cz/research/pubs/all.php?id=10600" target="_blank" >http://www.fit.vutbr.cz/research/pubs/all.php?id=10600</a>
DOI - Digital Object Identifier
—
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic
Popis výsledku v původním jazyce
The purpose of this article is to describe characteristics of obfuscated network buffer overflow attacks in contrast with characteristics of directly simulated attacks. The obfuscation was performed by tunneling of malicious traffic in HTTP and HTTPS protocols. These protocols wrap a malicious communication between an attacker situated outside of an intranet and a callback located inside of an intranet. The detection analysis which we perform is based on features extraction from network packets dumps and it employs a behavioral and statistical analysis of communications' progress in time and packet index domain. There were performed experiments in four scenarios simulating traffic shaping, traffic policing and transmission on unreliable network channel to make properties of direct attacks and obfuscated attacks as various as possible. Next part of this article is comparison of obfuscated and direct attacks classification by our previously designed ASNM network features with state-of-the-art features set of A. Moore, both representing statistical and behavioral based experimental academic kernels for NBA. Presented results show better classification accuracy of ASNM features in all kinds of experiments.
Název v anglickém jazyce
Characteristics of Buffer Overflow Attacks Tunneled in HTTP Traffic
Popis výsledku anglicky
The purpose of this article is to describe characteristics of obfuscated network buffer overflow attacks in contrast with characteristics of directly simulated attacks. The obfuscation was performed by tunneling of malicious traffic in HTTP and HTTPS protocols. These protocols wrap a malicious communication between an attacker situated outside of an intranet and a callback located inside of an intranet. The detection analysis which we perform is based on features extraction from network packets dumps and it employs a behavioral and statistical analysis of communications' progress in time and packet index domain. There were performed experiments in four scenarios simulating traffic shaping, traffic policing and transmission on unreliable network channel to make properties of direct attacks and obfuscated attacks as various as possible. Next part of this article is comparison of obfuscated and direct attacks classification by our previously designed ASNM network features with state-of-the-art features set of A. Moore, both representing statistical and behavioral based experimental academic kernels for NBA. Presented results show better classification accuracy of ASNM features in all kinds of experiments.
Klasifikace
Druh
D - Stať ve sborníku
CEP obor
—
OECD FORD obor
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Návaznosti výsledku
Projekt
<a href="/cs/project/ED1.1.00%2F02.0070" target="_blank" >ED1.1.00/02.0070: Centrum excelence IT4Innovations</a><br>
Návaznosti
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach
Ostatní
Rok uplatnění
2014
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název statě ve sborníku
International Carnahan Conference on Security Technology
ISBN
978-1-4799-3531-4
ISSN
—
e-ISSN
—
Počet stran výsledku
6
Strana od-do
188-193
Název nakladatele
IEEE Computer Society
Místo vydání
Rím
Místo konání akce
Rím
Datum konání akce
13. 10. 2014
Typ akce podle státní příslušnosti
WRD - Celosvětová akce
Kód UT WoS článku
—