A General Model and Guidelines for Attack Manifestation Generation
Paper i proceeding, 2007

Many critical infrastructures such as health care, crisis management and financial systems are part of the Internet and exposed to the rather hostile environment found there. At the same time it is recognized that traditional defensive mechanisms provide some protection, but has to be complemented with supervisory features, such as intrusion detection. Intrusion detection systems (IDS) monitor the network and the host computers for signs of intrusions and intrusion attempts. However, an IDS needs training data to learn how to discriminate between intrusion attempts and benign events. In order to properly train the detection system we need data containing attack manifestations. The provision of such manifestations may pose considerable problems and effort, especially since many attacks are not successful against a particular system version. This paper suggests a general model for how to implement an automatic tool that can be used for generation of successful attacks and finding the relevant manifestations with a limited amount of effort and time delay. Those manifestations can then promptly be used for setting up the IDS and countering the attack. To illustrate the concepts we provide an implementation example for an important attack type, the stack-smashing buffer overflow attack.

model

Execution monitoring

automation

manifestation generation

mutation

Författare

Ulf Larson

Chalmers, Data- och informationsteknik, Datorteknik

Dennis Nilsson

Chalmers, Data- och informationsteknik, Datorteknik

Erland Jonsson

Chalmers, Data- och informationsteknik, Datorteknik

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 5141 274-286
978-354089095-9 (ISBN)

Ämneskategorier

Datorteknik

DOI

10.1007/978-3-540-89173-4_23

ISBN

978-354089095-9

Mer information

Skapat

2017-10-06