Swarm Attacks against Network-Level Emulation/Analysis

نویسندگان

Simon P. Chung

Aloysius K. Mok

چکیده

It is always assumed that if the attackers can achieve their goal by exploiting a vulnerability once, they won’t exploit it twice. This assumption shapes our view of what attacks look like, and affects the design of many security systems. In this work, we propose the swarm attack, in which the attacker deliberately exploits the same vulnerability multiple times, each intended to carry out only a small part of the attack goal. We have studied eight systems that detect attacks using networklevel emulation/analysis, and find them surprisingly vulnerable to attacks based on this strategy.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Generic Detection of Code Injection Attacks using Network-level Emulation

Code injection attacks against server and client applications have become the primary method of malware spreading. A promising approach for the detection of previously unknown code injection attacks at the network level, irrespective of the particular exploitation method used or the vulnerability being exploited, is to identify the malicious code that is part of the attack vector, also known as...

متن کامل

Improving Tor security against timing and traffic analysis attacks with fair randomization

The Tor network is probably one of the most popular online anonymity systems in the world. It has been built based on the volunteer relays from all around the world. It has a strong scientific basis which is structured very well to work in low latency mode that makes it suitable for tasks such as web browsing. Despite the advantages, the low latency also makes Tor insecure against timing and tr...

متن کامل

Real-world Detection of Polymorphic Attacks

As state-of-the-art attack detection technology becomes more prevalent, attackers have started to employ evasion techniques such as code obfuscation and polymorphism to defeat existing defenses. We have recently proposed network-level emulation, a heuristic detection method that scans network traffic to detect polymorphic attacks. Our approach uses a CPU emulator to dynamically analyze every po...

متن کامل

An Empirical Study of Real-world Polymorphic Code Injection Attacks

Remote code injection attacks against network services remain one of the most effective and widely used exploitation methods for malware propagation. In this paper, we present a study of more than 1.2 million polymorphic code injection attacks targeting production systems, captured using network-level emulation. We focus on the analysis of the structure and operation of the attack code, as well...

متن کامل