A VM-Based Detection Framework against Remote Code Execution Attacks for Closed Source Network Devices

Cited by: 1
Authors
Shin, Youngjoo [1]
Affiliation
[1] Kwangwoon Univ, Sch Comp & Informat Engn, 20 Kwangwoon Ro, Seoul 01897, South Korea
Source
APPLIED SCIENCES-BASEL | 2019 / Vol. 9 / Issue 07
Funding
National Research Foundation, Singapore;
Keywords
network intrusion detection; SDN; NFV; virtual machine; networked embedded systems; router and switches; virtualization technology; FUNCTION VIRTUALIZATION;
DOI
10.3390/app9071294
Chinese Library Classification number
O6 [Chemistry];
Discipline classification code
0703;
Abstract
Remote code execution attacks against network devices have become a major challenge in securing networking environments. In this paper, we propose a detection framework against remote code execution attacks for closed source network devices using virtualization technologies. Without disturbing a target device in any way, our solution deploys an emulated device as a virtual machine (VM) instance running the same firmware image as the target, with ingress packets mirrored to the emulated device. By doing so, remote code execution attacks mounted by maliciously crafted packets will be captured in the memory of the VM. This way, our solution enables successful detection of any kind of intrusion that leaves memory footprints.
Pages: 9