Loading...
Please wait, while we are loading the content...
Similar Documents
Buttercup: On network-based detection of polymorphic buffer overflow vulnerabilities (2004)
| Content Provider | CiteSeerX |
|---|---|
| Author | Pasupulati, A. Coit, J. Levitt, K. Kuo, J. C. Fan, K. P. |
| Description | Attack polymorphism is a powerful tool for the attackers in the Internet to evade signature-based intrusion detection/prevention systems. In addition, new and faster Internet worms can be coded and launched easily by even high school students anytime against our critical infrastructures, such as DNS or update servers. We believe that polymorphic Internet worms will be developed in the future such that many of our current solutions might have a very small chance to survive. In this paper, we propose a simple solution called “Buttercup ” to counter against attacks based on buffer-overflow exploits (such as CodeRed, Nimda, Slammer, and Blaster). We have implemented our idea in SNORT, and included 19 return address ranges of buffer-overflow exploits. With a suite of tests against 55 TCPdump traces, the false positive rate for our best algorithm is as low as 0.01%. This indicates that, potentially, Buttercup can drop 100 % worm attack packets on the wire while only 0.01 % of the good packets will be sacrificed. |
| File Format | |
| Language | English |
| Publisher Date | 2004-01-01 |
| Publisher Institution | in Proceedings of the Network Operations and Management Symposium (NOMS |
| Access Restriction | Open |
| Subject Keyword | Worm Attack Packet Simple Solution Small Chance Signature-based Intrusion Detection Prevention System Powerful Tool Polymorphic Internet Worm Polymorphic Buffer Network-based Detection False Positive Rate Buffer-overflow Exploit High School Student Current Solution Update Server Critical Infrastructure Return Address Range Tcpdump Trace Good Packet Faster Internet Worm Attack Polymorphism |
| Content Type | Text |
| Resource Type | Article |
