A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Stig Andersson Articles by Andrew Clark Articles by George Mohay Articles by Bradley Schatz Articles by Jacob Zimmermann

21st Annual Computer Security Applications Conference (ACSAC'05)

Tucson, Arizona

December 05-December 09

ISBN: 0-7695-2461-3

	ASCII Text	x
	Stig Andersson, Andrew Clark, George Mohay, Bradley Schatz, Jacob Zimmermann, "A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX," Computer Security Applications Conference, Annual, pp. 49-58, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005.

	BibTex	x
	@article{ 10.1109/CSAC.2005.5, author = {Stig Andersson and Andrew Clark and George Mohay and Bradley Schatz and Jacob Zimmermann}, title = {A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2005}, issn = {1063-9527}, pages = {49-58}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.5}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX SN - 1063-9527 SP49 EP58 A1 - Stig Andersson, A1 - Andrew Clark, A1 - George Mohay, A1 - Bradley Schatz, A1 - Jacob Zimmermann, PY - 2005 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Stig Andersson, Queensland University of Technology, Australia

Andrew Clark, Queensland University of Technology, Australia

George Mohay, Queensland University of Technology, Australia

Bradley Schatz, Queensland University of Technology, Australia

Jacob Zimmermann, Queensland University of Technology, Australia

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.5

Code injection vulnerabilities continue to prevail. Attacks of this kind such as stack buffer overflows and heap buffer overflows account for roughly half of the vulnerabilities discovered in software every year. The research presented in this paper extends earlier work in the area of code injection attack detection in UNIX environments. It presents a framework for detecting new or previously unseen code injection attacks in a heterogeneous networking environment and compares code injection attack and detection strategies used in the UNIX and Windows environments. The approach presented is capable of detecting both obfuscated and clear text attacks, and is suitable for implementation in the Windows environment. A prototype intrusion detection system (IDS) capable of detecting code injection attacks, both clear text attacks and obfuscated attacks, which targets Windows systems is presented.

Citation:

Stig Andersson, Andrew Clark, George Mohay, Bradley Schatz, Jacob Zimmermann, "A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX," acsac, pp.49-58, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.