DocumentCode :
2858006
Title :
A framework for detecting network-based code injection attacks targeting Windows and UNIX
Author :
Andersson, Stig ; Clark, Andrew ; Mohay, George ; Schatz, Bradley ; Zimmermann, Jacob
Author_Institution :
Inf. Security Inst., Queensland Univ. of Technol., Brisbane, Qld.
fYear :
2005
fDate :
5-9 Dec. 2005
Lastpage :
58
Abstract :
Code injection vulnerabilities continue to prevail. Attacks of this kind, such as stack buffer overflows and heap buffer overflows, account for roughly half of the vulnerabilities discovered in software every year. The research presented in this paper extends earlier work in the area of code injection attack detection in UNIX environments. It presents a framework for detecting new or previously unseen code injection attacks in a heterogeneous networking environment and compares code injection attack and detection strategies used in the UNIX and Windows environments. The approach presented is capable of detecting both obfuscated and clear text attacks, and is suitable for implementation in the Windows environment. A prototype intrusion detection system (IDS) that targets Windows systems and is capable of detecting code injection attacks, both clear text attacks and obfuscated attacks, is presented.
Keywords :
operating systems (computers); security of data; UNIX; Windows system; clear text attack; code injection vulnerability; heap buffer overflow; heterogeneous network; intrusion detection system; network code injection attack detection; obfuscated attack; software vulnerability; stack buffer overflow; Application software; Australia; Buffer overflow; Computer architecture; Information security; Intrusion detection; Jacobian matrices; Monitoring; Prototypes; Taxonomy;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Security Applications Conference, 21st Annual
Conference_Location :
Tucson, AZ
ISSN :
1063-9527
Print_ISBN :
0-7695-2461-3
Type :
conf
DOI :
10.1109/CSAC.2005.5
Filename :
1565234