Title :
Automatic generation of buffer overflow attack signatures: an approach based on program behavior models
Author :
Liang, Zhenkai ; Sekar, R.
Author_Institution :
Dept. of Comput. Sci., Stony Brook Univ., NY
Abstract :
Buffer overflows have become the most common target for network-based attacks. They are also the primary mechanism used by worms and other forms of automated attacks. Although many techniques have been developed to prevent server compromises due to buffer overflows, these defenses still lead to server crashes. When attacks occur repeatedly, as is common with automated attacks, these protection mechanisms lead to repeated restarts of the victim application, rendering its service unavailable. To overcome this problem, we develop a new approach that can learn the characteristics of a particular attack, and filter out future instances of the same attack or its variants. By doing so, our approach significantly increases the availability of servers subjected to repeated attacks. The approach is fully automatic, does not require source code, and has low runtime overheads. In our experiments, it was effective against most attacks, and did not produce any false positives
Keywords :
computer networks; invasive software; automated network attack; automatic generation; buffer overflow attack signature; program behavior model; repeated attack; runtime overhead; Ash; Automatic speech recognition; Buffer overflow; Computer science; Computer worms; Filters; Network servers; Protection; Radio access networks; Runtime;
Conference_Titel :
Computer Security Applications Conference, 21st Annual
Conference_Location :
Tucson, AZ
Print_ISBN :
0-7695-2461-3
DOI :
10.1109/CSAC.2005.12
