A framework for detecting network-based code injection attacks targeting Windows and UNIX

Andersson, Stig, Clark, Andrew J., Mohay, George M., Schatz, Bradley, & Zimmermann, Jacob (2005) A framework for detecting network-based code injection attacks targeting Windows and UNIX. In Proceedings of the 21st Annual Computer Security Applications Conference, 5-9 December 2005, Tucson, Arizona.

View at publisher


Code injection vulnerabilities continue to prevail. Attacks of this kind such as stack buffer overflows and heap buffer overflows account for roughly half of the vulnerabilities discovered in software every year. The research presented in this paper extends earlier work in the area of code injection attack detection in UNIX environments. It presents a framework for detecting new or previously unseen code injection attacks in a heterogeneous networking environment and compares code injection attack and detection strategies used in the UNIX and Windows environments. The approach presented is capable of detecting both obfuscated and clear text attacks, and is suitable for implementation in the Windows environment. A prototype intrusion detection system (IDS) capable of detecting code injection attacks, both clear text attacks and obfuscated attacks, which targets Windows systems is presented.

Impact and interest:

4 citations in Scopus
Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

189 since deposited on 24 May 2009
12 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 20627
Item Type: Conference Paper
Refereed: Yes
Additional URLs:
Keywords: intrusion detection, network monitoring, code injection attack
DOI: 10.1109/CSAC.2005.5
ISBN: 0769524613
ISSN: 1063-9527
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Divisions: Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
Copyright Owner: Copyright 2005 IEEE
Deposited On: 24 May 2009 22:18
Last Modified: 29 Feb 2012 13:13

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page