Detecting Return-to-libc Buffer Overflow Attacks Using Network Intrusion Detection Systems

Day, David; Zhao, Zhen; Ma, Minhua

doi:10.1109/icds.2010.37

Cited by 6 publications

(2 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Modifying the program during execution [2] is another class of attacks that we target. Specific instances of this class include buffer-overflow attack [17] and return-to-libc attack [18].…”

Section: The Threat Modelmentioning

confidence: 99%

Are hardware performance counters a cost effective way for integrity checking of programs

Malone

Zahran

Karri

2011

Proceedings of the Sixth ACM Workshop on Scalable Trusted Computing

View full text Add to dashboard Cite

In this paper, we propose to use hardware performance counters (HPC) to detect malicious program modifications at load time (static) and at runtime (dynamic). HPC have been used for program characterization and testing, system testing and performance evaluation, and as side channels. We propose to use HPCs for static and dynamic integrity checking of programs.. The main advantage of HPC-based integrity checking is that it is almost free in terms of hardware cost; HPCs are built into almost all processors. The runtime performance overhead is minimal because we use the operating system for integrity checking, which is called anyway for process scheduling and other interrupts. Our preliminary results confirm that HPC very efficiently detect program modifications with very low cost.

show abstract

“…Modifying the program during execution [2] is another class of attacks that we target. Specific instances of this class include buffer-overflow attack [17] and return-to-libc attack [18].…”

Section: The Threat Modelmentioning

confidence: 99%

Are hardware performance counters a cost effective way for integrity checking of programs

Malone

Zahran

Karri

2011

Proceedings of the Sixth ACM Workshop on Scalable Trusted Computing

View full text Add to dashboard Cite

show abstract

“…The return address attack targets return to libc, in which an adversary injects a malicious code that executes a hidden function in the background, which can go undetected by the system [40]. This attack does not need an executable stack or a shellcode but instead causes the main code to jump to the malicious program.…”

Section: Return Address Attacksmentioning

confidence: 99%

Hardware Secure Execution and Simulation Model Correlation using IFT on RISC-V

Nicholas

Thakar

Saqib

2021

Proceedings of the 2021 on Great Lakes Symposium on VLSI

View full text Add to dashboard Cite

show abstract

Vulnerability detection in Java source code using a quantum convolutional neural network with self-attentive pooling, deep sequence, and graph-based hybrid feature extraction

Hussain,

Nadeem,

Baber

et al. 2024

Sci Rep

View full text Add to dashboard Cite

Software vulnerabilities pose a significant threat to system security, necessitating effective automatic detection methods. Current techniques face challenges such as dependency issues, language bias, and coarse detection granularity. This study presents a novel deep learning-based vulnerability detection system for Java code. Leveraging hybrid feature extraction through graph and sequence-based techniques enhances semantic and syntactic understanding. The system utilizes control flow graphs (CFG), abstract syntax trees (AST), program dependencies (PD), and greedy longest-match first vectorization for graph representation. A hybrid neural network (GCN-RFEMLP) and the pre-trained CodeBERT model extract features, feeding them into a quantum convolutional neural network with self-attentive pooling. The system addresses issues like long-term information dependency and coarse detection granularity, employing intermediate code representation and inter-procedural slice code. To mitigate language bias, a benchmark software assurance reference dataset is employed. Evaluations demonstrate the system's superiority, achieving 99.2% accuracy in detecting vulnerabilities, outperforming benchmark methods. The proposed approach comprehensively addresses vulnerabilities, including improper input validation, missing authorizations, buffer overflow, cross-site scripting, and SQL injection attacks listed by common weakness enumeration (CWE).

show abstract

Detecting Return-to-libc Buffer Overflow Attacks Using Network Intrusion Detection Systems

Cited by 6 publications

References 3 publications

Are hardware performance counters a cost effective way for integrity checking of programs

Are hardware performance counters a cost effective way for integrity checking of programs

Hardware Secure Execution and Simulation Model Correlation using IFT on RISC-V

Vulnerability detection in Java source code using a quantum convolutional neural network with self-attentive pooling, deep sequence, and graph-based hybrid feature extraction

Contact Info

Product

Resources

About