Experiments with deceptive software responses to buffer-overflow attacks

Author

Julian, M.D.P. ; Rowe, Neil C. ; Michael, J. Bret

Author_Institution

Comput. Sci. Dept., US Naval Postgraduate Sch., Monterey, CA, USA

fYear

2003

fDate

18-20 June 2003

Firstpage

43

Lastpage

44

Abstract

Modern intrusion detection systems have become good at identifying many kinds of malicious users on computer systems. Systems could use deception to fool the attacker about the results of their actions so that the attacker would waste time on fruitless endeavors. Deceptive software could also provide autonomous protective software responses to identified intrusions for a "second line of defense" when access controls have been subverted or destroyed. We examined three methods of responding to a malicious attempt to overflow the input buffer. All were done by modifying an image-browser Web portal (interface program) that was implemented with the Java "servlet" package.

Keywords

Internet; Java; authorisation; computer crime; portals; user interfaces; Java servlets; World Wide Web; access control; autonomous protective software responses; buffer-overflow attacks; computer systems; deceptive software responses; decoys; image-browser Web portal; information systems; interface program; intrusion detection systems; malicious users; Access control; Buffer overflow; Delay effects; Information systems; Intrusion detection; Java; Operating systems; Portals; Protection; Web sites;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society

Print_ISBN

0-7803-7808-3

Type

conf

DOI

10.1109/SMCSIA.2003.1232399

Filename

1232399