1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks

Research Article

Short Paper: bufSTAT - a tool for early detection and classification of buffer overflow attacks

  • @INPROCEEDINGS{10.1109/SECURECOMM.2005.38,
        author={S. Radosavac and K. Seamon and J.S. Baras},
        title={Short Paper: bufSTAT - a tool for early detection and classification of buffer overflow attacks},
        proceedings={1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2006},
        month={3},
        keywords={},
        doi={10.1109/SECURECOMM.2005.38}
    }
    
  • S. Radosavac
    K. Seamon
    J.S. Baras
    Year: 2006
    Short Paper: bufSTAT - a tool for early detection and classification of buffer overflow attacks
    SECURECOMM
    IEEE
    DOI: 10.1109/SECURECOMM.2005.38
S. Radosavac¹, K. Seamon¹, J.S. Baras¹
  • ¹: University of Maryland

Abstract

Buffer overflows constitute by far the most frequently encountered class of attacks against computer systems. In this paper we introduce a tool, termed bufSTAT, that achieves a low probability of false alarm and issues early attack warnings. BufSTAT relies on Finite State Machines (FSMs) for attack modeling. It can detect every stage of an ongoing attack and can thus prevent its execution by issuing early warnings in a progressive manner. It can also detect sophisticated multi-stage attacks that are executed over long periods of time. A significant attribute of our approach is that, after appropriate modification of bufSTAT, it is also amenable to detecting unknown attacks.