NBA of obfuscated network vulnerabilities' exploitation hidden into HTTPS traffic

@article{Homoliak2014NBAOO,
  title={NBA of obfuscated network vulnerabilities' exploitation hidden into HTTPS traffic},
  author={Ivan Homoliak and Daniel Ovsonka and Matej Gr{\'e}gr and Petr Han{\'a}cek},
  journal={The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014)},
  year={2014},
  pages={310-317}
}
This paper examines the detection properties of obfuscated network buffer overflow attacks by selected IDS and NBA. The obfuscation was performed by tunneling the malicious traffic in HTTP and HTTPS protocols with the intention of simulating the usual legitimate characteristics of the HTTP traffic's flow. The buffer overflow vulnerabilities of four services were used: Samba, BadBlue, Apache, DCOM RPC. Exploitation was performed in a virtual network environment by using scenarios simulating real… CONTINUE READING

Citations

Publications citing this paper.

References

Publications referenced by this paper.
SHOWING 1-10 OF 25 REFERENCES

Polymorphic Blending Attacks

VIEW 6 EXCERPTS
HIGHLY INFLUENTIAL

How to write Buffer Overflows

Insecure.Org
  • Access Date: 1 Dec, 2014. [Online]. Available: http://insecure.org/stf/mudge buffer overflow tutorial.html
  • 2014
VIEW 1 EXCERPT

How to write Buffer Overflows

Insecure.Org
  • Access Date: 1 Dec, 2014. [Online]. Available: http://insecure.org/stf/mudge buffer overflow tutorial.html
  • 2014
VIEW 1 EXCERPT

Wireshark-network protocol analyzer

G. Combs
  • Access Date: 1 Dec, 2014. [Online]. Available: www.wireshark.org
  • 2014
VIEW 1 EXCERPT

Wireshark-network protocol analyzer

G. Combs
  • Access Date: 1 Dec, 2014. [Online]. Available: www.wireshark.org
  • 2014
VIEW 1 EXCERPT

ASNM : Advanced Security Network Metrics for Attack Vector Description , ” in Proceedings of the 2013 International Conference on Security & Management

M. Barabas I. Homoliak, P. Chmelar, M. Drozd, P. Hanacek
  • 2013

ASNM : Advanced Security Network Metrics for Attack Vector Description , ” in Proceedings of the 2013 International Conference on Security & Management

M. Barabas I. Homoliak, P. Chmelar, M. Drozd, P. Hanacek
  • 2013

Similar Papers

Loading similar papers…