Buffer Overflows and Worms (and more...)
This page is not being updated for the time being...
Buffer Overflow Attacks
- Aleph One, "Smashing the Stack for Fun and Profit", Phrack, Volume 7, Issue 49
- Bulba and Kil3r, "Bypassing StackGuard and StackShield", Phrack, Volume 5, Issue 56
- DilDog, "The Tao of Windows Buffer Overflow"
- Matt Conover & w00w00 Security Development, "Heap Overflow Tutorial", January 1999
Buffer Overflow Defenses
- Solar Designer, Non-Executable User Stack
- R. Jones, P. Kelly, "Bounds Checking for C"
- D. Evans, "Static Detection of Dynamic Memory Errors", PLDI 1996
- R. Jones, P. Kelly, "Backwards-compatible Bounds Checking for Arrays and Pointers in C Programs", In M. Kamkar and D. Byers, editors, Third International Workshop on Automated Debugging, 1997
- C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, "StackGuard: Automatic Detection and Prevention of Buffer-overrun Attacks", In Proceedings of the 7th USENIX Security Symposium, January 1998
- A. Ghosh, T. O'Connor, "Analyzing Programs for Vulnerability to Buffer Overrun Attacks", Technical Report, Reliable Software Technologies, January 1998
- A. Simon, A. King, "Analyzing String Buffers in C", In International Conference on Algebraic Methodology and Software Technology, 2000
- D. Wagner, J. Foster, E. Brewer, A. Aiken, "A First Step towards Automated Detection of Buffer Overrun Vulnerabilities", In Proceedings of the Network and Distributed System Security Symposium, February 2000
- T. Chiueh, F. Hsu, "RAD: A Compile Time Solution for Buffer Overflow Attacks", 21st IEEE International Conference on Distributed Computing Systems (ICDCS), April 2001
- B. Chess, "Improving Computer Security using Extended Static Checking", In Proceedings of the 2002 IEEE Symposium on Security and Privacy, May 2002
- S. Bhatkar, D. DuVarney, R. Sekar, "Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits", In Proceedings of the 12th USENIX Security Symposium, August 2003
- G. Kc, A. Keromytis, V. Prevelakis, "Countering Code-Injection Attacks with Instruction-Set Randomization", In Proceedings of the 10th ACM Conference on Computer and Communication Security, October 2003
- J. Rabek, R. Khazan, S. Lewandowski, R. Cunningham, "Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code", In Proceedings of the 2003 ACM Workshop on Rapid Malcode, October 2003
- H. Shacham, M. Page, B. Pfaff, E. Goh, N. Modadugu, D. Boneh, "On the Effectiveness of Address Space Randomization", In Proceedings of the 11th ACM Conference on Computer and Communication Security, October 2004
- J. Crandall, F. Chong, "A Security Assessment of the Minos Architecture", In the Workshop on Architectural Support for Security and Antivirus (WASSA), October 2004
- J. Crandall, F. Chong, "Minos: Control Data Attack Prevention Orthogonal to Memory Model", In the 37th International Symposium on Microarchitecture, December 2004
- G. Suh, J. Lee, S. Devadas, "Secure Program Execution Via Dynamic Information Flow Tracking", In the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, October 2004
- J. Newsome and D. Song, "Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software", In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS 05), February 2005
Worms - General
- E. Spafford, "The Internet Worm Program: An Analysis", Computer Communication Review, January 1989
- N. Weaver, "Potential Strategies for High Speed Active Worms: A Worst Case Analysis", 2002
- S. Staniford, V. Paxson, N. Weaver, "How to 0wn the Internet in your Spare Time", In Proceedings of the 11th USENIX Security Symposium, August 2002
- C. Zou, W. Gong, D. Towsley, "Code Red Propagation Modeling and Analysis", In Proceedings of the 9th ACM Conference on Computer and Communication Security, 2002
- D. Moore, C. Shannon, J. Brown, "Code-Red: A Case Study on the Spread and Victims of an Internet Worm", In Proceedings of the 2nd Internet Measurement Workshop (IMW), November 2002
- Z. Chen, L. Gao, K. Kwiat, "Modeling the Spread of Active Worms", IEEE INFOCOM, 2003
- D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver, "The Spread of the Sapphire/Slammer Worm", Technical Report, February 2003
- D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver, "Inside the Slammer Worm", Security and Privacy, July/August 2003
- N. Weaver, V. Paxson, S. Staniford, R. Cunningham, "A Taxonomy of Computer Worms", In Proceedings of the 2003 ACM Workshop on Rapid Malcode, October 2003
- D. Kienzle, M. Elder, "Recent Worms: A Survey and Trends", In Proceedings of the 2003 ACM Workshop on Rapid Malcode, October 2003
- C. Zou, D. Towsley, W. Gong, "Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense", In Proceedings of the 2003 ACM Workshop on Rapid Malcode, October 2003
- M. Liljenstam, D. Nicol, V. Berk, R. Gray, "Simulating Realistic Network Worm Traffic for Worm Warning System Design and Testing", In Proceedings of the 2003 ACM Workshop on Rapid Malcode, October 2003
- C. Zou, D. Towsley, W. Gong, S. Cai, "Routing Worm: A Fast, Selective Attack Worm Based on IP Address Information"
- S. Staniford, D. Moore, V. Paxson, N. Weaver, "The Top Speed of Flash Worms", In Proceedings of the 2004 ACM Workshop on Rapid Malcode, October 2004
- C. Zou, D. Towsley, W. Gong, "Email Worm Modeling and Defense," 13th International Conference on Computer Communications and Networks, October 2004
- The Worm FAQ by Stuart Staniford
Worm Detection
- G. Bakos and V. Berk, "Early Detection of Internet Worm Activity by Metering ICMP Destination Unreachable Activity", In Proceedings of the SPIE conference on Sensors, and Command, Control, Communications and Intelligence, April 2002
- S. Singh, C. Estan, G. Varghese, S. Savage, "The EarlyBird System for Real-time Detection of Unknown Worms", Technical Report CS2003-0761, UCSD, 2003
- V. Berk, G. Bakos, R. Morris, "Designing a Framework for Active Worm Detection on Global Networks", In Proceedings of the IEEE International Workshop on Information Assurance, March 2003
- D. Moore, C. Shannon, G. Voelker, S. Savage, "Internet Quarantine: Requirements for Containing Self-Propagating Code", In Proceedings of the 22nd Joint Conference of IEEE Computer and Communication Societies (INFOCOM 2003), April 2003
- V. Berk, R. Gray, G. Bakos, "Using Sensor Networks and Data Fusion for Early Detection of Active Worms", In Proceedings of the SPIE Aerosense conference, April 2003
- C. Zou, L. Gao, W. Gong, D. Towsley, "Monitoring and Early Warning for Internet Worms", In Proceedings of the 10th ACM Conference on Computer and Communication Security, October 2003
- C. Kreibich, J. Crowcroft, "Honeycomb - Creating Intrusion Detection Signatures Using Honeypots", In Proceedings of the 2nd Workshop on Hot Topics in Networks (HotNets-II), November 2003
- V. Berk, W. Chung, V. Crespi, G. Cybenko, R. Gray, D. Hernando, G. Jiang, H. Li, Y. Sheng, "Process Query Systems for Surveillance and Awareness", In Proceedings of the Systemics, Cybernetics and Informatics (SCI2003) conference, Orlando, Florida, July 2003
- J. Wu, S. Vangala, L. Gao, K. Kwiat, "An Effective Architecture and Algorithm for Detecting Worms with Various Scan Techniques", In Proceedings of the Network and Distributed System Security Symposium, February 2004
- X. Qin, D. Dagon, G. Gu, W. Lee, "Worm Detection Using Local Networks", Technical Report GIT-CC-04-04, College of Computing, Georgia Tech, February 2004
- D. Dagon, X. Qin, G. Gu, W. Lee, J. Grizzard, J. Levine, H. Owen, "HoneyStat: Local Worm Detection Using Honeypots", In Recent Advances In Intrusion Detection (RAID) 2004
- J. Jung, S. Schechter, A. Berger, "Fast Detection of Scanning Worm Infections", In Recent Advances In Intrusion Detection (RAID) 2004
- H. Kim, B. Karp, "Autograph: Toward Automated, Distributed Worm Signature Detection", In Proceedings of the 13th USENIX Security Symposium, August 2004
- N. Weaver, S. Staniford, V. Paxson, "Very Fast Containment of Scanning Worms", In Proceedings of the 13th USENIX Security Symposium, August 2004
- S. Singh, C. Estan, G. Varghese, S. Savage, "Automated Worm Fingerprinting", In Proceedings of the ACM/USENIX Symposium on Operating System Design and Implementation, December 2004
- G. Gu, M. Sharif, X. Qin, D. Dagon, W. Lee, G. Riley, "Worm Detection, Early Warning and Response Based on Local Victim Information", To appear at the 20th Annual Computer Security Applications Conference
- DARPA: Dynamic Quarantine of Worms
Worm Polymorphism
- O. Kolesnikov, W. Lee, "Advanced Polymorphic Worms: Evading IDS by Blending in with Normal Traffic", 2004
- J. Newsome, B. Karp, D. Song, "Polygraph: Automatic Signature Generation for Polymorphic Worms", In IEEE Security and Privacy Symposium, May 2005
- Polymorphism Toolkits
- ADMmutate
- Jempi Scodes
- CLET Polymorphism Engine
Obfuscation
- A. Herzberg, S. Pinter, "Public Protection of Software", In Proceedings of Advances in Cryptology, 1985
- C. Collberg, C. Thomborson, D. Low, "A Taxonomy of Obfuscating Transformations", Technical Report #148, University of Auckland, New Zealand, 1997
- C. Collberg, C. Thomborson, D. Low, "Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs", In Proceedings of the ACM Symposium on Principles of Programming Languages, 1998
- C. Wang, J. Hill, J. Knight, J. Davidson, "Software Tamper Resistance: Obstructing Static Analysis of Programs", University of Virginia Technical Report N 12, 2000
- B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, K. Yang, "On the (Im)possibility of Obfuscating Programs", 2001
- S. Chow, Y. Gu, H. Johnson, V.A. Zakharov, "Deobfuscation is in NP", August 2002
- T. Ogiso, Y. Sakabe, M. Soshi, A. Miyaji, "Software Obfuscation on a Theoretical Basis and Its Implementation", Published in IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Special Section on Cryptography and Information Security, E86-A(1), 2003
- C. Linn, S. Debray, "Obfuscation of Executable Code to Improve Resistance to Static Disassembly", In Proceedings of the 10th ACM Conference on Computer and Communication Security, October 2003
- B. Lynn, M. Prabhakaran, A. Sahai, "Positive Results and Techniques for Obfuscation", In Eurocrypt, 2004
- C. Kruegel, W. Robertson, F. Valeur, G. Vigna, "Static Disassembly of Obfuscated Binaries", In Proceedings of the 13th USENIX Security Symposium, 2004
Port Scanning
- S. Robertson, E. Siegel, M. Miller, S. Stolfo, "Surveillance Detection in High Bandwidth Environments", In Proceedings of the 2003 DARPA DISCEX III Conference, April 2003
- J. Jung, V. Paxson, A. Berger, H. Balakrishnan, "Fast Portscan Detection Using Sequential Hypothesis Testing", In Proceedings of the IEEE Symposium on Security and Privacy, May 2004
Intrusion Detection Correlation
- IDS Reading List
- S. Staniford-Chen, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, D. Zerkle, "GrIDS: A Graph-Based Intrusion Detection System for Large Networks", In Proceedings of the 19th National Information Systems Security Conference, 1996
- S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, J. Rowe, S. Staniford-Chen, R. Yip, D. Zerkle, "The Design of GrIDS: A Graph-Based Intrusion Detection System", UC Davis Technical Report CSE-99-2, 1999
- A. Valdes, K. Skinner, "Probabilistic Alert Correlation", In Recent Advances in Intrusion Detection, 2001
- H. Debar, A. Wespi, "Aggregation and Correlation of Intrusion Detection Alerts", In Recent Advances in Intrusion Detection, 2001
- O. Dain, R. Cunningham, "Building Scenarios from a Heterogeneous Alert Stream", In Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, 2001
- O. Dain, R. Cunningham, "Fusing a Heterogeneous Alert Stream Into Scenarios", In Proceedings of the 2001 IEEE Workshop on Data Mining for Security Applications, November 2001
- P. Ning, D. Reeves, Y. Cui, "Correlating Alerts Using Prerequisites of Intrusions", Technical Report, TR-2001-13, North Carolina State University, Department of Computer Science, December 2001
- D. Burroughs, L. Wilson, G. Cybenko, "Analysis of Distributed Intrusion Detection Systems Using Bayesian Methods", In IPCCC, April 2002
- P. Ning, Y. Cui, D. Reeves, "Analyzing Intensive Intrusion Alerts via Correlation", In Recent Advances in Intrusion Detection, 2002
- P. Porras, M. Fong, A. Valdes, "A Mission-Impact-Based Approach to INFOSEC Alarm Correlation", In RAID 2002
- K. Julisch, M. Dacier, "Mining Intrusion Detection Alarms for Actionable Knowledge", In SIGKDD 2002
- P. Ning, Y. Cui, D. Reeves, "Constructing Attack Scenarios through Correlation of Intrusion Alerts", In CCS 2002
- F. Cuppens, A. Miege, "Alert Correlation in a Cooperative Intrusion Detection Framework", In Proceedings of the IEEE Symposium on Security and Privacy, 2002
- S. Cheung, U. Lindqvist, M. Fong, "Modeling Multistep Cyber Attacks for Scenario Recognition", DISCEX, April 2003
- P. Ning, D. Xu, "Learning Attack Strategies from Intrusion Alerts", In CCS 2003
- X. Qin, W. Lee, "Statistical Causality Analysis of INFOSEC Alert Data", In RAID 2003
- B. Morin, H. Debar, "Correlation of Intrusion Symptoms: An Application of Chronicles", In RAID 2003
- Y. Wu, B. Foo, Y. Mei, S. Bagchi, "Collaborative Intrusion Detection System (CIDS): A Framework for Accurate and Efficient IDS", In 19th Annual Computer Security Applications Conference, 2003
- P. Ning, D. Xu, C. Healey, R. St. Amant, "Building Attack Scenarios through Integration of Complementary Alert Correlation Methods", NDSS, February 2004
- M. Locasto, J. Parekh, S. Stolfo, A. Keromytis, T. Malkin, V. Misra, "Collaborative Distributed Intrusion Detection", Columbia University Technical Report, CUCS-012-04
- F. Valeur, G. Vigna, C. Kruegel, R. Kemmerer, "A Comprehensive Approach to Intrusion Detection Alert Correlation", In IEEE Transactions on Dependable and Secure Computing, 2004
- Y. Zhai, P. Ning, P. Iyer, D. Reeves, "Reasoning about Complementary Intrusion Evidence", 20th Annual Computer Security Applications Conference, December 2004
- D. Xu, P. Ning, "Alert Correlation Through Triggering Events and Common Resources", 20th Annual Computer Security Applications Conference, December 2004
- Z. Li, A. Das, "Visualizing and Identifying Intrusion Context from System Calls Trace", 20th Annual Computer Security Applications Conference, December 2004
- P. Ning, D. Xu, "Hypothesizing and Reasoning about Attacks Missed by Intrusion Detection Systems", ACM Transactions on Information and System Security, 2004
Misc
- TESO Security Group, "Exploiting Format String Vulnerabilities", March 17, 2001
- M. Christodorescu, S. Jha, "Static Analysis of Executables to Detect Malicious Patterns", In Proceedings of the 12th USENIX Security Symposium, August 2003