dc.description.abstract | In this paper, we discuss a new idea for defending against remote buffer overflow attacks launched by Internet worms, botnet owners or unknown attackers. We also develop a prototype system called Arcs (Automatic Real-time Counterattack System) to evaluate the performance of this architecture. The results of system testing show that the mechanism works, meaning that it is usable and more efficient at combating remote buffer overflow attacks from Internet worm propagation and botnets than the strategies proposed before.
The propagation of a worm depends on which vulnerabilities it exploits. We also understand that the remote buffer overflow attack is still an efficient method for botnets to control vulnerable hosts. This vulnerability-oriented characteristic tells us that a compromised host that has not been patched can be compromised again. In contrast to the rough, invasive and indulgent white worm strategy, we propose a controllable and acceptable automatic real-time counterattack mechanism, which attacks only those who attack us. After an attack is detected, we make a duplicate of the original attack string, replace the malicious injected code in this duplicate with our own fight-back injected code, and then use it to counterattack. In the ideal situation, we successfully compromise the attacking host and execute our injected code instead of the original malicious code. We build a database to record information about each counterattack, including the address and port of the attacking host, the time, and the result of fighting back. We discuss in detail the possible Arcs-based worm and botnet solutions and the contribution of Arcs, which stems from its efficiency and flexibility. Arcs can be used for many different purposes to suit different system administrators’ needs.
This paper focuses on the introduction of Arcs, the modification of the remote buffer overflow attack string, its influence, and possible Arcs-based worm and botnet solutions. | en_US |