Buffer Overflow - Explore the Science & Experts | ideXlab

Buffer Overflow

The Experts below are selected from a list of 9309 Experts worldwide ranked by ideXlab platform

Xinran Wang – 1st expert on this subject based on the ideXlab platform

  • SigFree: A Signature-Free Buffer Overflow Attack Blocker
    IEEE Transactions on Dependable and Secure Computing, 2010
    Co-Authors: Xinran Wang

    Abstract:

    We propose SigFree, an online signature-free out-of-the-box application-layer method for blocking code-injection Buffer Overflow attack messages targeting various Internet services such as Web service. Motivated by the observation that Buffer Overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks by detecting the presence of code. Unlike the previous code detection algorithms, SigFree uses a new data-flow analysis technique called code abstraction that is generic, fast, and hard for exploit code to evade. SigFree is signature free, thus it can block new and unknown Buffer Overflow attacks; SigFree is also immune to most attack-side code obfuscation methods. Since SigFree is a transparent deployment to the servers being protected, it is good for economical Internet-wide deployment with very low deployment and maintenance cost. We implemented and tested SigFree; our experimental study shows that the dependency-degree-based SigFree could block all types of code-injection attack packets (above 750) tested in our experiments with very few false positives. Moreover, SigFree causes very small extra latency to normal client requests when some requests contain exploit code.

  • SigFree: A Signature-Free Buffer Overflow Attack Blocker
    USENIX Security Symposium, 2006
    Co-Authors: Xinran Wang

    Abstract:

    We propose SigFree, a real-time, signature-free, out-of-the-box, application-layer blocker for preventing Buffer Overflow attacks, one of the most serious cyber security threats. SigFree can filter out code-injection Buffer Overflow attack messages targeting various Internet services such as web service. Motivated by the observation that Buffer Overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks by detecting the presence of code. SigFree first blindly disassembles and extracts instruction sequences from a request. It then applies a novel technique called code abstraction, which uses data flow anomaly to prune useless instructions in an instruction sequence. Finally it compares the number of useful instructions to a threshold to determine if this instruction sequence contains code. SigFree is signature free, thus it can block new and unknown Buffer Overflow attacks; SigFree is also immune to most attack-side code obfuscation methods. Since SigFree is transparent to the servers being protected, it is good for economical Internet-wide deployment with very low deployment and maintenance cost. We implemented and tested SigFree; our experimental study showed that SigFree could block all types of code-injection attack packets (above 250) tested in our experiments. Moreover, SigFree causes negligible throughput degradation to normal client requests.

Tzicker Chiueh – 2nd expert on this subject based on the ideXlab platform

  • Scalable network-based Buffer Overflow attack detection
    Architectures for Networking and Communications Systems, 2006
    Co-Authors: Tzicker Chiueh

    Abstract:

    Buffer Overflow attack is the main attack method that most if not all existing malicious worms use to propagate themselves from machine to machine. Although a great deal of research has been invested in defense mechanisms against Buffer Overflow attack, most of them require modifications to the network applications and/or the platforms that host them. Being an extension work of CTCP, this paper presents a network-based, low-performance-overhead Buffer Overflow attack detection system called Nebula (NEtwork-based Buffer Overflow Attack detection), which can detect both known and zero-day Buffer Overflow attacks based solely on the packets observed without requiring any modifications to the end hosts. Moreover, instead of deriving a specific signature for each individual Buffer Overflow attack instance, Nebula uses a generalized signature that can capture all known variants of Buffer Overflow attacks while reducing the number of false positives to a negligible level. In addition, Nebula is built on a centralized TCP/IP architecture that effectively defeats all existing NIDS evasion techniques. Finally, Nebula incorporates a payload type identification mechanism that further reduces the false positive rate and scales the proposed Buffer Overflow attack detection scheme to gigabit network links.

  • ANCS – Scalable network-based Buffer Overflow attack detection
    Proceedings of the 2006 ACM IEEE symposium on Architecture for networking and communications systems – ANCS '06, 2006
    Co-Authors: Tzicker Chiueh

  • Scalable network-based Buffer Overflow attack detection
    2006 Symposium on Architecture For Networking And Communications Systems, 2006
    Co-Authors: Tzicker Chiueh

Sung Won Sohn – 3rd expert on this subject based on the ideXlab platform

  • A New Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation
    International Conference on Information Security and Cryptology, 2001
    Co-Authors: Yangseo Choi, Sung Won Sohn

    Abstract:

    Stack Buffer Overflow hacking became generally known due to the Morris Internet Worm in 1988. Since then, Buffer Overflow hacking has been used by hackers to attack systems and servers very frequently. Recently, many research efforts have tried to prevent it, and several solutions were developed such as Libsafe and StackGuard; however, these solutions have a few problems. In this paper we present a new stack Buffer Overflow attack prevention technique that uses the system call monitoring mechanism and the memory address where the system call is made. Because of its detection mechanism, this system can be used for unknown attack detection, too.