Sciweavers

PST
2008

Mimicry Attacks Demystified: What Can Attackers Do to Evade Detection?

14 years 26 days ago
Mimicry Attacks Demystified: What Can Attackers Do to Evade Detection?
Mimicry attacks have been the focus of detector research where the objective of the attacker is to generate an attack that evades detection while achieving the attacker's goals. If such an attack can be found, it implies that the target detector is vulnerable against mimicry attacks. In this work, we emphasize that there are two components of a buffer overflow attack: the preamble and the exploit. Although the attacker can modify the exploit component easily, the attacker may not be able to prevent preamble from generating anomalous behavior since during preamble stage, the attacker does not have full control. Previous work on mimicry attacks considered an attack to completely evade detection, if the exploit raises no alarms. On the other hand, in this work, we investigate the source of anomalies in both the preamble and the exploit components against two anomaly detectors that monitor four vulnerable UNIX applications. Our experiment results show that preamble can be a source of...
Hilmi Günes Kayacik, A. Nur Zincir-Heywood
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2008
Where PST
Authors Hilmi Günes Kayacik, A. Nur Zincir-Heywood
Comments (0)