• DocumentCode
    1767503
  • Title
    Characteristics of buffer overflow attacks tunneled in HTTP traffic
  • Author
    Homoliak, Ivan ; Ovsonka, Daniel ; Koranda, Karel ; Hanacek, Petr
  • Author_Institution
    Fac. of Inf. Technol., Brno Univ. of Technol., Brno, Czech Republic
  • fYear
    2014
  • fDate
    13-16 Oct. 2014
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    This article describes the characteristics of obfuscated network buffer overflow attacks in contrast with those of directly simulated attacks. The obfuscation was performed by tunneling the malicious traffic in the HTTP and HTTPS protocols; these protocols wrap the malicious communication between an attacker situated outside an intranet and a callback located inside it. The detection analysis we perform is based on feature extraction from network packet dumps and employs behavioral and statistical analysis of a communication's progress in the time and packet-index domains. Experiments were performed in four scenarios simulating traffic shaping, traffic policing and transmission over an unreliable network channel, in order to make the properties of direct and obfuscated attacks as varied as possible. The next part of the article compares the classification of obfuscated and direct attacks using our previously designed ASNM network features with the state-of-the-art feature set of A. Moore, both representing statistical and behavioral experimental academic kernels for NBA (network behavior analysis). The presented results show better classification accuracy for the ASNM features in all kinds of experiments.
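    As an added illustration of the kind of per-flow feature extraction the abstract describes (this is editor-written example code, not code from the paper, and the features below are a small hypothetical set, not the ASNM or A. Moore feature sets), the block computes statistical and behavioral features in both the time domain and the packet-index domain for two constructed flows: a directly delivered overflow burst, and the same payload wrapped in HTTP requests with the callback channel polled over GET. All packet sizes and timings are constructed for the example.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Packet:
    t: float         # seconds since the first packet of the flow
    outbound: bool   # True: attacker -> intranet host; False: the reply direction
    size: int        # transport payload bytes (0 for handshake and pure ACKs)


# Constructed flows (hypothetical sizes and timings, not captures from the paper).
# Direct delivery: handshake, one burst carrying the overflowing buffer, then the
# callback shell speaks back and the attacker issues a command.
DIRECT_FLOW = [
    Packet(0.000, True, 0), Packet(0.010, False, 0), Packet(0.011, True, 0),
    Packet(0.012, True, 1460), Packet(0.013, True, 1460), Packet(0.014, True, 1200),
    Packet(0.030, False, 0),
    Packet(0.250, False, 64),    # callback: shell banner from the victim
    Packet(1.100, True, 24),     # attacker command
    Packet(1.150, False, 900),   # command output
]

# The same payload tunneled in HTTP: two POST requests carry the encoded buffer,
# each answered by the tunnel endpoint, and the callback channel is polled by GET.
TUNNELED_FLOW = [
    Packet(0.000, True, 0), Packet(0.010, False, 0), Packet(0.011, True, 0),
    Packet(0.020, True, 1460), Packet(0.021, True, 1300),   # POST, first chunk
    Packet(0.080, False, 230),                              # HTTP 200
    Packet(0.500, True, 1460), Packet(0.501, True, 1400),   # POST, second chunk
    Packet(0.560, False, 230),                              # HTTP 200
    Packet(1.000, True, 310), Packet(1.030, False, 280),    # GET poll / shell banner
    Packet(1.500, True, 340), Packet(1.530, False, 1140),   # GET with command / output
]

FEATURE_ORDER = ["packets", "duration", "out_bytes", "in_bytes", "out_ratio",
                 "size_mean", "size_std", "gap_mean", "gap_std", "longest_run"]


def progress_at_fractions(values, fractions):
    """Share of total bytes transferred at fixed fractions of the position span.

    values: list of (position, size) with non-decreasing position, where the
    position is either a timestamp (time domain) or a packet index (index
    domain). Normalising by span and total makes flows of different duration
    and length comparable, which is what a classifier needs."""
    total = sum(s for _, s in values) or 1
    lo, hi = values[0][0], values[-1][0]
    span = (hi - lo) or 1.0
    return [round(sum(s for p, s in values if p <= lo + f * span) / total, 3)
            for f in fractions]


def extract_features(flow):
    """Per-flow statistical and behavioral features from a packet list."""
    flow = sorted(flow, key=lambda p: p.t)
    sizes = [p.size for p in flow]
    gaps = [b.t - a.t for a, b in zip(flow, flow[1:])] or [0.0]
    out_bytes = sum(p.size for p in flow if p.outbound)
    in_bytes = sum(p.size for p in flow if not p.outbound)
    # Longest run of consecutive packets in one direction: a one-shot exploit
    # buffer produces a long outbound run, request/response tunnels break it up.
    longest_run = run = 1
    for a, b in zip(flow, flow[1:]):
        run = run + 1 if a.outbound == b.outbound else 1
        longest_run = max(longest_run, run)
    return {
        "packets": len(flow),
        "duration": round(flow[-1].t - flow[0].t, 3),
        "out_bytes": out_bytes,
        "in_bytes": in_bytes,
        "out_ratio": round(out_bytes / ((out_bytes + in_bytes) or 1), 3),
        "size_mean": round(mean(sizes), 1),
        "size_std": round(pstdev(sizes), 1),
        "gap_mean": round(mean(gaps), 4),
        "gap_std": round(pstdev(gaps), 4),
        "longest_run": longest_run,
        # progress in the time domain: bytes done at 25/50/75 % of the duration
        "time_progress": progress_at_fractions(
            [(p.t, p.size) for p in flow], (0.25, 0.5, 0.75)),
        # progress in the packet-index domain: bytes done at 25/50/75 % of packets
        "index_progress": progress_at_fractions(
            [(i, p.size) for i, p in enumerate(flow)], (0.25, 0.5, 0.75)),
    }


def as_vector(features):
    """Flatten the feature dict into a fixed-order numeric vector for a classifier."""
    return ([features[k] for k in FEATURE_ORDER]
            + features["time_progress"] + features["index_progress"])


if __name__ == "__main__":
    for name, flow in (("direct", DIRECT_FLOW), ("tunneled", TUNNELED_FLOW)):
        print(name, extract_features(flow))
```

    On these constructed flows the direct attack has transferred about 82 % of its bytes by a quarter of its duration, while the tunneled variant spreads delivery across the poll cycle (roughly 37 %, 75 % and 82 % at the three time checkpoints), and the longest same-direction run shrinks from 4 to 3 packets; such time-domain and index-domain progress profiles are the kind of signal a behavioral NBA classifier can use, whichever concrete feature set it is built on.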
  • Keywords
    computer network security; hypermedia; intranets; statistical analysis; transport protocols; ASNM network features; HTTP traffic; HTTPS protocols; NBA; academic kernels; buffer overflow attacks; detection analysis; direct attack classification; feature extraction; intranet; malicious communication; malicious traffic; obfuscated attacks; obfuscated network buffer overflow attacks; packet index domain; simulated attacks; statistical analysis; unreliable network channel; Accuracy; Feature extraction; Kernel; Logic gates; Protocols; Servers; Tunneling; AIPS; ASNM; NBA; buffer overflow; network vulnerabilities; obfuscation; protocol tunneling;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security Technology (ICCST), 2014 International Carnahan Conference on
  • Conference_Location
    Rome
  • Print_ISBN
    978-1-4799-3530-7
  • Type
    conf

  • DOI
    10.1109/CCST.2014.6986998
  • Filename
    6986998