CPL - Chalmers Publication Library

A General Model and Guidelines for Attack Manifestation Generation

Ulf Larson (Department of Computer Science and Engineering, Computer Engineering (Chalmers)) ; Dennis K. Nilsson (Department of Computer Science and Engineering, Computer Engineering (Chalmers)) ; Erland Jonsson (Department of Computer Science and Engineering, Computer Engineering (Chalmers))
2nd International Workshop on Critical Information Infrastructure Security, CRITIS 2007; Malaga; Spain; 3 October 2007 through 5 October 2007 (03029743). Vol. 5141 (2007), p. 274-286.
[Conference paper, peer-reviewed]

Many critical infrastructures such as health care, crisis management and financial systems are part of the Internet and exposed to the rather hostile environment found there. At the same time, it is recognized that traditional defensive mechanisms provide some protection, but have to be complemented with supervisory features, such as intrusion detection. Intrusion detection systems (IDS) monitor the network and the host computers for signs of intrusions and intrusion attempts. However, an IDS needs training data to learn how to discriminate between intrusion attempts and benign events. In order to properly train the detection system we need data containing attack manifestations. The provision of such manifestations may pose considerable problems and effort, especially since many attacks are not successful against a particular system version. This paper suggests a general model for how to implement an automatic tool that can be used for generation of successful attacks and finding the relevant manifestations with a limited amount of effort and time delay. Those manifestations can then promptly be used for setting up the IDS and countering the attack. To illustrate the concepts we provide an implementation example for an important attack type, the stack-smashing buffer overflow attack.

Keywords: Execution monitoring, automation, mutation, model, manifestation generation


This document as pdf can be obtained by sending an email to dennis.nilsson or ulfla, both at chalmers.se



This record was created 2007-08-28. Last modified 2016-06-03.
CPL Pubid: 45918

 


Departments (Chalmers)

Department of Computer Science and Engineering, Computer Engineering (Chalmers)

Subject areas

Computer engineering

Related publications

This publication is included in:


On Adapting Data Collection to Intrusion Detection