• Title/Summary/Keyword: Detoured Attack

Design an Algorithm Matching TCP Connection Pairs for Intruder Traceback (침입자 역추적을 위한 TCP 연결 매칭 알고리즘 설계)

  • Kang Hyung-Woo; Hong Soon-Jwa; Lee Dong-Hoon
    • The KIPS Transactions:PartC / v.13C no.1 s.104 / pp.11-18 / 2006
  • In the field of network defense, much research is directed toward locating the source of network attacks. When an intruder launches an attack not from their own computer but from intermediate hosts that they previously compromised, these intermediate hosts are called stepping stones. There are two kinds of traceback technologies: IP packet traceback and connection traceback. This paper focuses on connection traceback. It classifies the process structures of detoured attack types on stepping stones, designs an algorithm for a traceback agent, and implements a traceback system based on the agent.

An Efficient Detecting Scheme of Web-based Attacks through Monitoring HTTP Outbound Traffics (HTTP Outbound Traffic 감시를 통한 웹 공격의 효율적 탐지 기법)

  • Choi, Byung-Ha; Choi, Sung-Kyo; Cho, Kyung-San
    • Journal of the Korea Society of Computer and Information / v.16 no.1 / pp.125-132 / 2011
  • A hierarchical web security system, which is a solution to various web-based attacks, seemingly is not able to keep up with the improvement of detoured or compound attacks. In this paper, we suggest an efficient scheme for detecting web-based attacks such as malware, XSS, webshell creation, URL spoofing, and exposure of private information by monitoring HTTP outbound traffic in real time. Our proposed scheme detects web-based attacks by comparing the outbound traffic with the signatures of the HTML tags or JavaScript created by the attacks. Through verification analysis in a real attack environment, we show that our scheme, installed in a hierarchical web security system, has superior detection capability for detoured web-based attacks.

Software Attack Detection Method by Validation of Flow Control Instruction’s Target Address (실행 제어 명령어의 목적 주소 검증을 통한 소프트웨어 공격 탐지 기법)

  • Choi Myeong-Ryeol; Park Sang-Seo; Park Jong-Wook; Lee Kyoon-Ha
    • The KIPS Transactions:PartC / v.13C no.4 s.107 / pp.397-404 / 2006
  • Successful software attacks require both injecting malicious code into a program's address space and altering the program's flow control to reach the injected code. The code section cannot be changed at the program's runtime, so malicious code must be injected into the data section. Flow control detoured into the data section is therefore a signal of a software attack. We propose a new software attack detection method which verifies the target address of CALL, JMP, and RET instructions, which alter a program's flow control, and detects a software attack when the address is not in the code section. The proposed method can detect all changes to flow-control-related data, not only the program's return address but also function pointers, the buffer of the longjmp() function, and the old base pointer, so it can detect more attacks.