This paper presents an automated detection method based on classification of network traffic using a predefined set of network metrics. We propose a set of metrics that focuses on the behavior of buffer overflow attacks and describes them sufficiently without the need for deep packet inspection. In this paper we describe two laboratory experiments in automated detection of buffer overflow attacks on vulnerable network services and their description by the proposed set of network metrics. We present the principles of several chosen network metrics and their application to the experimental attacks, according to their nature, in comparison to valid communication.
This paper is focused on preventing relay attacks on contactless devices, such as contactless smart cards or Near-Field Communication (NFC) devices. Relay attacks can be prevented by so-called distance bounding protocols, which are based on restricting the round-trip time to some limit. Distance bounding protocols protect against all theoretical attacks, because the time limit is calculated from the maximal allowed distance and from the speed of light. Real-world attacks are not perfect and induce additional delay on top of the delay caused by the signal travelling a longer distance. This delay is caused by hardware components processing the signal and sending it to a different location. If the communication is relayed over a distance exceeding the range of one transmitter, it is likely that some buffering will be used. If the data are sent over a network using TCP/IP, the induced delay will be significant. The attacker can reduce the response time in the relay attack by overclocking the forged reader in order to get the response from the smart card faster than the legitimate reader would get it. This would give the attacker a chance to reduce the round-trip time and not exceed the time limit defined in the distance bounding protocol. We propose a method to prevent real-world attacks that induce delays significantly longer than the delay caused by the signal travelling a longer distance. We also show a countermeasure to the overclocking attacks.