CiteSeerX — Search Results — Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode

Results 1 - 10 of 232

Architecture Support for Defending Against Buffer Overflow Attacks

by Jun Xu, Zbigniew Kalbarczyk, Sanjay Patel, Ravishankar K. Iyer , 2002

"... Buffer overflow attacks are the predominant threat to the secure operation of network and in particular, Internetbased applications. Stack smashing is a common mode of buffer overflow attack for hijacking system control. This paper evaluates two architecture-based techniques to defend systems agains ..."

Abstract - Cited by 60 (1 self) - Add to MetaCart

Buffer overflow attacks are the predominant threat to the secure operation of network and in particular, Internetbased applications. Stack smashing is a common mode of buffer overflow attack for hijacking system control. This paper evaluates two architecture-based techniques to defend systems

ROPdefender: A detection tool to defend against return-oriented programming attacks

by Lucas Davi, Ahmad-reza Sadeghi, Marcel Winandy , 2010

"... Return-oriented programming (ROP) is a technique that enables an adversary to construct malicious programs with the desired behavior by combining short instruction sequences that already reside in the memory space of a program. ROP attacks have already been demonstrated on various processor architec ..."

Abstract - Cited by 48 (5 self) - Add to MetaCart

architectures ranging from PCs to smartphones and special-purpose systems. In this paper, we present our tool, ROPdefender, that dynamically detects conventional ROP attacks (that are based on return instructions) with a reasonable runtime overhead of 2x. In contrast to existing solutions, (i) ROPdefender does

Tolerating Overload Attacks Against Packet Capturing Systems

by Antonis Papadogiannakis, Michalis Polychronakis, Evangelos P. Markatos - in USENIX Annual Technical Conference (ATC , 2012

"... Passive network monitoring applications such as in-trusion detection systems are susceptible to overloads, which can be induced by traffic spikes or algorithmic sin-gularities triggered by carefully crafted malicious pack-ets. Under overload conditions, the system may consume all the available resou ..."

Abstract - Cited by 5 (3 self) - Add to MetaCart

Passive network monitoring applications such as in-trusion detection systems are susceptible to overloads, which can be induced by traffic spikes or algorithmic sin-gularities triggered by carefully crafted malicious pack-ets. Under overload conditions, the system may consume all the available

An Architecture of Unknown Attack Detection System against Zero-day Worm

by Ikkyun Kim, Daewon Kim, Byoungkoo Kim, Yangseo Choi, Seongyong Yoon, Jintae Oh, Jongsoo Jang

"... Abstract: We have introduced the ZASMIN (Zeroday-Attack Signature Management Infrastructure) system, which is developed for novel network attack detection. This system provides early warning at the moment the attacks start to spread on the network and to block the spread of the cyber attacks by auto ..."

Abstract - Cited by 1 (0 self) - Add to MetaCart

Abstract: We have introduced the ZASMIN (Zeroday-Attack Signature Management Infrastructure) system, which is developed for novel network attack detection. This system provides early warning at the moment the attacks start to spread on the network and to block the spread of the cyber attacks

Communication-efficient distributed monitoring of thresholded counts

by Ram Keralapura, Graham Cormode, Jai Ramamirtham - In Proc. of SIGMOD’06 , 2006

"... Monitoring is an issue of primary concern in current and next gen-eration networked systems. For example, the objective of sensor networks is to monitor their surroundings for a variety of differ-ent applications like atmospheric conditions, wildlife behavior, and troop movements among others. Simil ..."

Abstract - Cited by 78 (11 self) - Add to MetaCart

. Similarly, monitoring in data net-works is critical not only for accounting and management, but also for detecting anomalies and attacks. Such monitoring applications are inherently continuous and distributed, and must be designed to minimize the communication overhead that they introduce. In this context

Multivariate Statistical Analysis for Network Attacks Detection

by Guangzhi Qu, Salim Hariri

"... Detection and self-protection against viruses, worms, and network attacks is urgently needed to protect network systems and their applications from catastrophic failures. Once a network component is infected by viruses, worms, or became a target of network attacks, its operational state shifts from ..."

Abstract - Add to MetaCart

Detection and self-protection against viruses, worms, and network attacks is urgently needed to protect network systems and their applications from catastrophic failures. Once a network component is infected by viruses, worms, or became a target of network attacks, its operational state shifts from

Multivariate Statistical Online Analysis for Self Protection against Network Attacks

by Guangzhi Qu, Salim Hariri, Xuejun Zhu, Jionghua Jin

"... Detection and self-protection against viruses, worms, and network attacks is urgently needed to protect network systems and their applications from catastrophic loss. Once a network component is infected by viruses, worms, or became a target of the network attacks, its operation state will shift fro ..."

Abstract - Cited by 2 (2 self) - Add to MetaCart

Detection and self-protection against viruses, worms, and network attacks is urgently needed to protect network systems and their applications from catastrophic loss. Once a network component is infected by viruses, worms, or became a target of the network attacks, its operation state will shift

INTRUSION DETECTION IN MULTITIER WEB APPLICATIONS

by Shenbagalakshmi Gunasekaran, K. Muneeswaran

"... Intrusion Detection Systems endeavor at detecting attacks against computer systems and networks that offer techniques for modeling and distinguish normal and abusive system behavior. Web Applications are widely used for critical services and sophistication of attacks against these applications has g ..."

Abstract - Add to MetaCart

Intrusion Detection Systems endeavor at detecting attacks against computer systems and networks that offer techniques for modeling and distinguish normal and abusive system behavior. Web Applications are widely used for critical services and sophistication of attacks against these applications has

HyperCheck: A Hardware-Assisted Integrity Monitor

by Jiang Wang, Angelos Stavrou, Anup Ghosh

"... Abstract. Over the past few years, virtualization has been employed to environments ranging from densely populated cloud computing clusters to home desktop computers. Security researchers embraced virtual machine monitors (VMMs) as a new mechanism to guarantee deep isolation of untrusted software co ..."

Abstract - Cited by 33 (8 self) - Add to MetaCart

components. Unfortunately, their widespread adoption promoted VMMs as a prime target for attackers. In this paper, we present HyperCheck, a hardware-assisted tampering detection framework designed to protect the integrity of VMMs and, for some classes of attacks, the underlying operating system (OS). Hyper

1Run-Time Defense against Code Injection Attacks using Replicated Execution

by Babak Salamat, Todd Jackson, Gregor Wagner, Christian Wimmer, Michael Franz

"... Abstract—The number and complexity of attacks on computer systems are increasing. This growth necessitates proper defense mechanisms. Intrusion detection systems play an important role in detecting and disrupting attacks before they can compromise software. Multi-variant execution is an intrusion de ..."

Abstract - Add to MetaCart

and preventing code injection attacks. The empirical results demonstrate that dual-variant execution has on average 17 % performance overhead when deployed on multi-core processors. Index Terms—Intrusion detection, multi-variant execution, n-variant execution, system call. F 1

Results 1 - 10 of 232

Tools