Sciweavers

CCS
2008
ACM

A practical mimicry attack against powerful system-call monitors

14 years 2 months ago
A practical mimicry attack against powerful system-call monitors
System-call monitoring has become the basis for many hostbased intrusion detection as well as policy enforcement techniques. Mimicry attacks attempt to evade system-call monitoring IDS by executing innocuous-looking sequences of system calls that accomplish the attacker's goals. Mimicry attacks may execute a sequence of dozens of system calls in order to evade detection. Finding such a sequence is difficult, so researchers have focused on tools for automating mimicry attacks and extending them to gray-box IDS1 . In this paper, we describe an alternative approach for building mimicry attacks using only skills and technologies that hackers possess today, making this attack a more immediate and realistic threat. These attacks, which we call persistent interposition attacks, are not as powerful as traditional mimicry attacks -- an adversary cannot obtain a root shell using a persistent interposition attack-- but are sufficient to accomplish the goals of today's cyber-criminals. ...
Chetan Parampalli, R. Sekar, Rob Johnson
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where CCS
Authors Chetan Parampalli, R. Sekar, Rob Johnson
Comments (0)