Taxonomy of SSL/TLS Attacks

Keerthi, K; P., Arun Raj Kumar

doi:10.5815/ijcnis.2016.02.02

Cited by 8 publications

(1 citation statement)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This approach is called control-based attack, in which an intruder misuses a memory flaw, such as a buffer overflow or use-after-free, to overwrite control-data such as a return address or function pointer and thereby modifies the control-flow of the program. In order to get the control of an application, which is referred to as hijacking [2], primarily it is necessary to inject specific data which can be run to get the control of system. This method is known, in the cyber world, as control-data attack.…”

Section: Definition Of Problem (Data Modification Attack)mentioning

confidence: 99%

Modification data attack inside computer systems: a critical review

Amiri

Brujeni

et al. 2020

Comput. Sci. Inf. Technol.

View full text Add to dashboard Cite

This paper is a review of types of modification data attack based on computer systems and it explores the vulnerabilities and mitigations. Altering information is a kind of cyber-attack during which intruders interfere, catch, alter, take or erase critical data on the PCs and applications through using network exploit or by running malicious executable codes on victim's system. One of the most difficult and trendy areas in information security is to protect the sensitive information and secure devices from any kind of threats. Latest advancements in information technology in the field of information security reveal huge amount of budget funded for and spent on developing and addressing security threats to mitigate them. This helps in a variety of settings such as military, business, science, and entertainment. Considering all concerns, the security issues almost always come at first as the most critical concerns in the modern time. As a matter of fact, there is no ultimate security solution; although recent developments in security analysis are finding daily vulnerabilities, there are many motivations to spend billions of dollars to ensure there are vulnerabilities waiting for any kind of breach or exploit to penetrate into the systems and networks and achieve particular interests. In terms of modifying data and information, from old-fashioned attacks to recent cyber ones, all of the attacks are using the same signature: either controlling data streams to easily breach system protections or using non-control-data attack approaches. Both methods can damage applications which work on decision-making data, user input data, configuration data, or user identity data to a large extent. In this review paper, we have tried to express trends of vulnerabilities in the network protocols’ applications.

show abstract

Section: Definition Of Problem (Data Modification Attack)mentioning

confidence: 99%

Modification data attack inside computer systems: a critical review

Amiri

Brujeni

et al. 2020

Comput. Sci. Inf. Technol.

View full text Add to dashboard Cite

show abstract

Botnets Unveiled: A Comprehensive Survey on Evolving Threats and Defense Strategies

Asadi,

Jamali,

Heidari

et al. 2024

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Botnets have emerged as a significant internet security threat, comprising networks of compromised computers under the control of command and control (C&C) servers. These malevolent entities enable a range of malicious activities, from denial of service (DoS) attacks to spam distribution and phishing. Each bot operates as a malicious binary code on vulnerable hosts, granting remote control to attackers who can harness the combined processing power of these compromised hosts for synchronized, highly destructive attacks while maintaining anonymity. This survey explores botnets and their evolution, covering aspects such as their life cycles, C&C models, botnet communication protocols, detection methods, the unique environments botnets operate in, and strategies to evade detection tools. It analyzes research challenges and future directions related to botnets, with a particular focus on evasion and detection techniques, including methods like encryption and the use of covert channels for detection and the reinforcement of botnets. By reviewing existing research, the survey provides a comprehensive overview of botnets, from their origins to their evolving tactics, and evaluates how botnets evade detection and how to counteract their activities. Its primary goal is to inform the research community about the changing landscape of botnets and the challenges in combating these threats, offering guidance on addressing security concerns effectively through the highlighting of evasion and detection methods. The survey concludes by presenting future research directions, including using encryption and covert channels for detection and strategies to strengthen botnets. This aims to guide researchers in developing more robust security measures to combat botnets effectively.

show abstract