Publication Details
Buffer Overflow Attacks Data Acquisition
Barabas Maroš, Ing., Ph.D. (DITS FIT BUT)
Grégr Matěj, Ing., Ph.D. (DIFS FIT BUT)
Chmelař Petr, Ing. (DIFS FIT BUT)
malware, buffer overflow, network monitoring, honeypot, data acquisition, statistics
This article describes the acquisition of data from buffer overflow attacks in a university campus network and an enterprise network. It provides an overview of the design of a system for gathering data, learning, and detecting zero-day malware using the shadow honeypot Argos and the low-interaction honeypot HoneyD.
In this article, we investigate the network traffic that may lead to unauthorized control of a computer in the campus network through buffer overflow attacks, whose objective is to gain control of privileged programs and computers. We provide statistics of the network traffic in a campus and an enterprise network, together with the probabilities of a buffer overflow attack, by offering attackers the most vulnerable services using the low-interaction honeypot HoneyD together with the highly interactive shadow honeypot Argos; these were used to detect attacks and to describe their detection profiles. In this manner, we can collect data to be used for training classifiers to predict and detect even zero-day vulnerabilities and malware. Our intention is to acquire a dataset that can identify serious security threats in much higher detail than the 1999 KDD Cup dataset.
@INPROCEEDINGS{FITPUB9700,
  author    = "Michal Drozd and Maro\v{s} Barabas and Mat\v{e}j Gr\'{e}gr and Petr Chmela\v{r}",
  title     = "Buffer Overflow Attacks Data Acquisition",
  pages     = "775--779",
  booktitle = "Proceedings of the 6th IEEE International Conference on IDAACS 2011",
  series    = "Volume 2",
  year      = 2011,
  location  = "Praha, CZ",
  publisher = "Institute of Electrical and Electronics Engineers",
  ISBN      = "978-1-4577-1423-8",
  language  = "english",
  url       = "https://www.fit.vut.cz/research/publication/9700"
}