Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Hacking: The Art of Exploitation
Hacking: The Art of Exploitation
Testing network-based intrusion detection signatures using mutant exploits
Proceedings of the 11th ACM conference on Computer and communications security
Extracting Attack Manifestations to Determine Log Data Requirements for Intrusion Detection
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
On evolving buffer overflow attacks using genetic programming
Proceedings of the 8th annual conference on Genetic and evolutionary computation
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Undermining an anomaly-based intrusion detection system using common exploits
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
METAL – a tool for extracting attack manifestations
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Hi-index | 0.00 |
Many critical infrastructures such as health care, crisis management and financial systems are part of the Internet and exposed to the rather hostile environment found there. At the same time it is recognized that traditional defensive mechanisms provide some protection, but has to be complemented with supervisory features, such as intrusion detection. Intrusion detection systems (IDS) monitor the network and the host computers for signs of intrusions and intrusion attempts. However, an IDS needs training data to learn how to discriminate between intrusion attempts and benign events. In order to properly train the detection system we need data containing attack manifestations. The provision of such manifestations may pose considerable problems and effort, especially since many attacks are not successful against a particular system version. This paper suggests a general model for how to implement an automatic tool that can be used for generation of successful attacks and finding the relevant manifestations with a limited amount of effort and time delay. Those manifestations can then promptly be used for setting up the IDS and countering the attack. To illustrate the concepts we provide an implementation example for an important attack type, the stack-smashing buffer overflow attack.