The age of data: Pinpointing guilty bytes in polymorphic buffer overflows on heap or stack

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2007, Pages 487-500

  Slowinska, Asia ^a   Bos, Herbert ^a  

^a VU UNIVERSITY AMSTERDAM   (Netherlands)

Author keywords

Attack analysis; Honeypots; Intrusion detection and prevention

Indexed keywords

BUFFER STORAGE; SECURITY OF DATA; SECURITY SYSTEMS;

ATTACK ANALYSIS; BUFFER OVERFLOWS; COMPUTER SECURITY APPLICATIONS; HARD PROBLEMS; HONEYPOTS; INTRUSION DETECTION AND PREVENTION; NETWORK DATA; PRECISE ANALYSIS; TAG DATA;

COMPUTER APPLICATIONS;

EID: 48649093823     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2007.32     Document Type: Conference Paper

References (35)

1. P. Akritidis, E. P. Markatos, M. Polychronakis, and K. D. Anagnostakis. Stride: Polymorphic sled detection through instruction sequence analysis. In Proceedings of the 20th IFIP/SEC 2005, 2005.
2. Anonymous. Once upon a free(). http://doc.bughunter.net/ buffer-overflow/free.html.
3. W. X. S. Bhatkar and R. Sekar. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In Proceedings of 15th USENIX Security Symposium, 2006.
4. D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha. Towards automatic generation of vulnerability-based signatures. In Proceedings of the 2006 IEEE Symposium on Security and Privacy, May 2006.
5. R. Chinchani and E. Berg. fast static analysis approach to detect exploit code inside network flows. In In Recent Advances in Intrusion Detection, Seattle, WA, 2005.
6. M. Christodorescu, S. Jha, S. Seshia, D. Song, and R. Bryant. Semantics-aware malware detection. In Security and Privacy Conference, Oakland, CA, May 2005.
7. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: end-to-end containment of Internet worms. In Proceedings of the 20th ACM Symposium on Operating Systems Principles, 2005.
8. Crispin Cowan, Calton Pu, Dave Maier, Heather Hintony, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, PerryWagle and Qian Zhang. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In 7th USENIX Security Symposium, 2002.
9. H. Feng, J. Giffin, Y. Huang, S. Jha, W. Lee, and B. Miller. Formalizing sensitivity in static analysis for intrusion detection. In Proceedings the IEEE Symposium on Security and Privacy, Oakland, CA, 2004.
10. H. Feng, O. Kolesnikov, P. Fogla, W. Lee, and W. Gong. Anomaly detection using call stack information. In Proceedings of the IEEE Security and Privacy Conference, Oakland, CA, 2003.
11. P. Fogla and W. Lee. Evading network anomaly detection systems: formal reasoning and practical techniques. In Proceedings of the 13th ACM CCS, 2006.
12. J. T. Giffin, S. Jha, and B. P. Miller. Automated discovery of mimicry attacks. In D. Zamboni and C. Krügel, editors, RAID, volume 4219 of Lecture Notes in Computer Science. Springer, 2006.
13. C. Krügel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. Automating mimicry attacks using static binary analysis. In 14th Usenix Security Symposium, Baltimore, MD, August 2005.
14. C. Krügel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. Polymorphic worm detection using structural information of executables. In RAID, Seattle, WA, October 2005.
15. C. Krügel and G. Vigna. Anomaly detection of web-based attacks. In CCS '03: Proceedings of the 10th ACM conference on Computer and communications security, pages 251-261, New York, NY, USA, 2003. ACM Press.
16. Z. Liang and R. Sekar. Fast and automated generation of attack signatures: a basis for building self-protecting servers. In Proceedings of the 12th ACM conference on Computer and communications security, 2005.
17. M. V. Mahoney. Network traffic anomaly detection based on packet bytes. In SAC '03: Proceedings of the 2003 ACM symposium on Applied computing, pages 346-350, New York, NY, USA, 2003. ACM Press.
18. National Vulnerability Database. CVE-2006-4089 Multiple buffer overflows in AlsaPlayer. http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4089, 2006.
19. National Vulnerability Database. CVE-2006-4197 Multiple buffer overflows in libmusicbrainz. http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4197, 2006.
20. J. Newsome, B. Karp, and D. X. Song. Polygraph: Automatically generating signatures for polymorphic worms. In IEEE Symposium on Security and Privacy, May 2005.
21. J. Newsome and D. X. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the NDSS, 2005.
22. Open Source Vulnerability Database. Subversion date parsing overflow. http://osvdb.org/displayvuln.php?osvdbid=6301, 2004.
23. R. Perdisci, D. Dagon, W. Lee, P. Fogla, and M. Sharif. Misleading worm signature generators using deliberate noise injection. In Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06), May 2006.
24. G. Portokalidis, A. Slowinska, and H. Bos. Argos: an emulator for fingerprinting zero-day attacks. In Proc. ACM SIGOPS EUROSYS'2006, Leuven, Belgium, April 2006.
25. A. Rahbar. Stack overflow on windows vista. http://www.sysdream.com/ article.php?story_id=241§ion_id=77, July 2006.
26. Secunia. CVE-2004-1636 WvTftp Buffer Overflow Vulnerability, October 2004.
27. SecuriTeam. Asterisk skinny unauthenticated heap overflow, October 2006.
28. SecurityFocus. CAN-2003-0245 Apache apr-psprintf memory corruption vulnerability. http://www.securityfocus.com/bid/7723/, 2003.
29. SecurityFocus. CVE-2006-1148 Peer-Cast Remote Buffer Overflow Vulnerability. http://www.securityfocus.com/bid/17040/info, 2006.
30. T. Toth and C. Krügel. Accurate buffer overflow detection via abstract payload execution. In Recent Advances in Intrusion Detection, 5th International Symposium, 2002.
31. US-CERT. Vulnerability notes database. http://www.us-cert.gov, 2007.
32. H. J. Wang, C. Guo, D. R. Simon, and A. Zugenmaier. Shield: vulnerability-driven network filters for preventing known vulnerability exploits. SIGCOMM Comput. Commun. Rev., 34(4):193-204, 2004.
33. K. Wang, G. Cretu, and S. J. Stolfo. Anomalous payload-based worm detection and signature generation. In Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection, 2005.
34. X. Wang, Z. Li, J. Xu, M. K. Reiter, C. Kil, and J. Y. Choi. Packet vaccine: black-box exploit detection and signature generation. In Proceedings of the 13th ACM CCS, 2006.
35. X.Wang, C.-C. Pan, P. Liu, and S. Zh. Sigfree: A signature-free buffer overflow attack blocker. In Proceedings of 15th USENIX Security Symposium, 2006.