bufSTAT – A Tool for Early Detection and Classification of Buffer Overflow Attacks

bufSTAT – A Tool for Early Detection and Classification of Buffer Overflow Attacks

Title : bufSTAT - A Tool for Early Detection and Classification of Buffer Overflow Attacks
Authors :
Seamon, Karl
Radosavac, Svetlan
Baras, John, S.
Conference : First International Conference on Security and Privacy for Emerging Areas in Communication Networks
Date: September 05 - September 09, 2005

Buffer overflows constitute by far the most frequently encountered class of attacks against computer systems. In this paper we introduce a tool, termed bufSTAT that achieves a low probability of false alarm and issues early attack warnings. BufSTAT relies on Finite State Machines (FSM) for attack modeling and can detect every stage of an ongoing attack and can thus prevent its execution by issuing early warning in a progressive manner. It can also detect sophisticated multi-stage attacks that are executed over long periods of time. A significant attribute of our approach is that it is amenable to detecting unknown attacks as well after appropriate modification of bufSTAT.

Download Full Paper