Buttercup: On network-based detection of polymorphic buffer overflow vulnerabilities

IEEE Symposium Record on Network Operations and Management Symposium

Volumn , Issue , 2004, Pages 235-248

  Pasupulati, A ^a   Coit, J ^a   Levitt, K ^a   Wu, S F ^a   Li, S H ^b   Kuo, J C ^b   Fan, K P ^b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE   (Taiwan)

Author keywords

Buffer Overflow; Network Intrusion Detection System; Polymorphic Shellcode; Snort

Indexed keywords

BUFFER OVERFLOW; NETWORK INTRUSION DETECTION SYSTEM; POLYMORPHIC SHELLCODE; SNORT;

ALGORITHMS; BUFFER CIRCUITS; COMPUTER NETWORKS; COMPUTER SIMULATION; DATA ACQUISITION; INTERNET; REAL TIME SYSTEMS;

SECURITY OF DATA;

EID: 4544239482     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (18)

1. "Network-Based Detection of Polymorphic Attacks", MS thesis, Computer Science Department, UC Davis.
2. Martin Roesch, "Snort-Lightweight Intrusion Detection for Networks".
3. Martin Roesch, "Snort Users Manual", Snort Release: 1.9.x.
4. Aleph One. Smashing the Stack for fun and profit. Phrack Magazine, 49(14), 1996.
5. "Buffer Overflows Demystified", http://www.enderunix.org/docs/ eng/bof-eng.txt
6. Lefty, "Buffer Overruns, what's the real story?", http://destroy.net/machines/security/stack.nfo.txt
7. K. Timm, "IDS Evasion Techniques and Tactics", http://online.securityfocus.com/infocus/1577
8. E. Messmer, "Put to the test", http://www.nwfusion.con/news/ 2002/0415idsevad.html
9. "ADMuate Readme", http://www.ktwo.ca/readme.html
10. E. Skoudis, "Sneaking Past IDS", http://www.infosecuritvmag. com/2002/jul/sneaking.shtml
11. http://wwwcsif.cs.ucdavis.edu/~pasupula/Buttercup-paper.doc
12. Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Conference, January 1998.
13. T. Chiueh, F. Hsu. RAD: A Compile-Time Solution to Buffer Overflow Attacks. International Conference on Distributed Computing Systems (ICDCS), Phoenix, Arizona, USA, April 2001.
14. D. Bruschi, E. Rosti, R. Banfi. A tool for pro-active defense against the buffer overrun attack. In Proceedings of ESORICS 98, 5th European Symposium on Research in Computer Security.
15. D. Wagner, J. S. Foster, E. A. Brewer, and A Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Proceedings of the Network and distributed system security symposium, February 2000.
16. T. Toth, C. Kruegel. Accurate Buffer Overflow Detection via Abstract Payload Execution. RAID 2002, LNCS 2516, pp. 274-291, 2002.
17. "Polymorphic Shellcodes vs. Application IDSs", NGSEC White Paper, http://www.ngsec.com
18. E. Chien, P. Szor. Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses. Virus Bulletin Conference 2002.