DocumentCode
1767503
Title
Characteristics of buffer overflow attacks tunneled in HTTP traffic
Author
Homoliak, Ivan ; Ovsonka, Daniel ; Koranda, Karel ; Hanacek, Petr
Author_Institution
Fac. of Inf. Technol., Brno Univ. of Technol., Brno, Czech Republic
fYear
2014
fDate
13-16 Oct. 2014
Firstpage
1
Lastpage
6
Abstract
The purpose of this article is to describe the characteristics of obfuscated network buffer overflow attacks in contrast with the characteristics of directly simulated attacks. The obfuscation was performed by tunneling the malicious traffic in the HTTP and HTTPS protocols. These protocols wrap the malicious communication between an attacker situated outside of an intranet and a callback located inside of the intranet. The detection analysis which we perform is based on feature extraction from network packet dumps and employs a behavioral and statistical analysis of the communications' progress in the time and packet index domains. Experiments were performed in four scenarios simulating traffic shaping, traffic policing and transmission over an unreliable network channel, to make the properties of direct attacks and obfuscated attacks as varied as possible. The next part of this article compares the classification of obfuscated and direct attacks by our previously designed ASNM network features with the state-of-the-art feature set of A. Moore, both representing statistical and behavioral experimental academic kernels for NBA. The presented results show better classification accuracy of the ASNM features in all kinds of experiments.
Keywords
computer network security; hypermedia; intranets; statistical analysis; transport protocols; ASNM network features; HTTP traffic; HTTPS protocols; NBA; academic kernels; buffer overflow attacks; detection analysis; direct attack classification; feature extraction; intranet; malicious communication; malicious traffic; obfuscated attacks; obfuscated network buffer overflow attacks; packet index domain; simulated attacks; statistical analysis; unreliable network channel; Accuracy; Feature extraction; Kernel; Logic gates; Protocols; Servers; Tunneling; AIPS; ASNM; NBA; buffer overflow; network vulnerabilities; obfuscation; protocol tunneling;
fLanguage
English
Publisher
ieee
Conference_Titel
Security Technology (ICCST), 2014 International Carnahan Conference on
Conference_Location
Rome
Print_ISBN
978-1-4799-3530-7
Type
conf
DOI
10.1109/CCST.2014.6986998
Filename
6986998
Link To Document