An In-Depth Survey of Bypassing Buffer Overflow Mitigation Techniques

Butt, Muhammad Arif; Ajmal, Zarafshan; Khan, Zafar Iqbal; Idrees, Muhammad; Javed, Yasir

doi:10.3390/app12136702

Cited by 14 publications

(5 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Future research for the DNDF model in network traffic analysis involves exploring scalability and efficiency in IoT and IIoT networks [47], enhancing robustness against adversarial attacks through defense mechanisms [48], and investigating hardware acceleration methods for real-time implementation in edge devices, ultimately improving network security measures [49]. Additionally, considering detection overhead is crucial for expanding upon this study and further advancing its findings.…”

Section: Conflicts Of Interestmentioning

confidence: 92%

Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis

Alrayes,

Zakariah,

Driss

et al. 2023

Sensors

View full text Add to dashboard Cite

Intrusion detection systems, also known as IDSs, are widely regarded as one of the most essential components of an organization’s network security. This is because IDSs serve as the organization’s first line of defense against several cyberattacks and are accountable for accurately detecting any possible network intrusions. Several implementations of IDSs accomplish the detection of potential threats throughout flow-based network traffic analysis. Traditional IDSs frequently struggle to provide accurate real-time intrusion detection while keeping up with the changing landscape of threat. Innovative methods used to improve IDSs’ performance in network traffic analysis are urgently needed to overcome these drawbacks. In this study, we introduced a model called a deep neural decision forest (DNDF), which allows the enhancement of classification trees with the power of deep networks to learn data representations. We essentially utilized the CICIDS 2017 dataset for network traffic analysis and extended our experiments to evaluate the DNDF model’s performance on two additional datasets: CICIDS 2018 and a custom network traffic dataset. Our findings showed that DNDF, a combination of deep neural networks and decision forests, outperformed reference approaches with a remarkable precision of 99.96% by using the CICIDS 2017 dataset while creating latent representations in deep layers. This success can be attributed to improved feature representation, model optimization, and resilience to noisy and unbalanced input data, emphasizing DNDF’s capabilities in intrusion detection and network security solutions.

show abstract

Section: Conflicts Of Interestmentioning

confidence: 92%

Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis

Alrayes,

Zakariah,

Driss

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…This will potentially allow the intruder to run arbitrary code. A recent survey paper on techniques to bypass mitigation techniques for buffer overflows illustrates that buffer overflow exploitation is still a big problem [3].…”

Section: Handling Of Input Datamentioning

confidence: 99%

A Call for Mandatory Input Validation and Fuzz Testing

Køien

Øverlier²

2023

Wireless Pers Commun

View full text Add to dashboard Cite

The on-going digitalization of our critical infrastructures is progressing fast. There is also a growing trend of serious and disrupting cyber-attacks. The digital services are often fragile, and with many weaknesses and vulnerabilities. This makes exploiting and attacking the services a little too easy. If the services verifies all inputs, many security threats will be avoided. Similarly, if one diligently tests the services with malformed inputs, one will uncover many security and software quality problems. In this paper we investigate “input validation” and “fuzz testing” as a means to improve security. The aim is not exhaustive coverage, but to provide indications of usefulness and to serve as a call for action.

show abstract

“…No-Execute (NX) [14] and Address Space Layout Randomization (ASLR) [15] at the hardware and operating system levels also provide some mitigation for buffer overflow vulnerabilities. Although current detection and mitigation techniques help us address the discovery of program vulnerabilities [1,[16][17][18][19], these mitigation measures are not foolproof. Return-oriented Programming (ROP) [20] attacks can effectively bypass NX.…”

Section: Related Workmentioning

confidence: 99%

Fine-Grained Modeling of ROP Vulnerability Exploitation Process under Stack Overflow Based on Petri Nets

Zhang,

Wang

et al. 2023

Electronics

View full text Add to dashboard Cite

Software vulnerability discovery is currently a hot topic, and buffer overflow remains a prevalent security vulnerability. One of the key issues in vulnerability discovery and analysis is how to quickly analyze buffer overflow vulnerabilities and select critical exploitation paths. Existing modeling methods for vulnerability exploitation cannot accurately reflect the fine-grained execution process of stack overflow exploitation paths. This paper, based on the discussion of buffer overflow exploitation techniques, proposes a fine-grained modeling and analysis method based on Petri nets for the selection and execution of exploitation processes, specifically focusing on the return-oriented programming in stack overflow. Through qualitative analysis, we compared the simulated time of the software with the execution time of existing exploitation tools, achieving timeout-based simulation experiments. We validated the model’s effectiveness using symbolic execution and dynamic analysis techniques. The results indicate that this model performs well for vulnerable programs with Position Independent Executable (PIE) protection enabled and has an advantage in selecting exploitation paths, enabling timeout-based simulation. This method provides a reference for rapidly constructing exploitation implementations.

show abstract

An In-Depth Survey of Bypassing Buffer Overflow Mitigation Techniques

Cited by 14 publications

References 43 publications

Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis

Deep Neural Decision Forest (DNDF): A Novel Approach for Enhancing Intrusion Detection Systems in Network Traffic Analysis

A Call for Mandatory Input Validation and Fuzz Testing

Fine-Grained Modeling of ROP Vulnerability Exploitation Process under Stack Overflow Based on Petri Nets

Contact Info

Product

Resources

About