Title :
Experiments with deceptive software responses to buffer-overflow attacks
Author :
Julian, M.D.P. ; Rowe, Neil C. ; Michael, J. Bret
Author_Institution :
Comput. Sci. Dept., US Naval Postgraduate Sch., Monterey, CA, USA
Abstract :
Modern intrusion detection systems have become good at identifying many kinds of malicious users on computer systems. Systems could use deception to fool the attacker about the results of their actions so that the attacker would waste time on fruitless endeavors. Deceptive software could also provide autonomous protective software responses to identified intrusions for a "second line of defense" when access controls have been subverted or destroyed. We examined three methods of responding to a malicious attempt to overflow the input buffer. All were done by modifying an image-browser Web portal (interface program) that was implemented with the Java "servlet" package.
Keywords :
Internet; Java; authorisation; computer crime; portals; user interfaces; Java servlets; World Wide Web; access control; autonomous protective software responses; buffer-overflow attacks; computer systems; deceptive software responses; decoys; image-browser Web portal; information systems; interface program; intrusion detection systems; malicious users; Access control; Buffer overflow; Delay effects; Information systems; Intrusion detection; Java; Operating systems; Portals; Protection; Web sites;
Conference_Titel :
Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society
Print_ISBN :
0-7803-7808-3
DOI :
10.1109/SMCSIA.2003.1232399
