Sciweavers

ACSAC
2005
IEEE

A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX

14 years 6 months ago
A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX
Code injection vulnerabilities continue to prevail. Attacks of this kind such as stack buffer overflows and heap buffer overflows account for roughly half of the vulnerabilities discovered in software every year. The research presented in this paper extends earlier work in the area of code injection attack detection in UNIX environments. It presents a framework for detecting new or previously unseen code injection attacks in a heterogeneous networking environment and compares code injection attack and detection strategies used in the UNIX and Windows environments. The approach presented is capable of detecting both obfuscated and clear text attacks, and is suitable for implementation in the Windows environment. A prototype intrusion detection system (IDS) capable of detecting code injection attacks, both clear text attacks and obfuscated attacks, which targets Windows systems is presented.
Stig Andersson, Andrew Clark, George M. Mohay, Bra
Added 24 Jun 2010
Updated 24 Jun 2010
Type Conference
Year 2005
Where ACSAC
Authors Stig Andersson, Andrew Clark, George M. Mohay, Bradley Schatz, Jacob Zimmermann
Comments (0)