IDS mailing list archives
Buffer overflow detection
From: Ilija Basicevic <ilibasic () safe-mail net>
Date: 30 Jun 2004 23:40:15 -0000
The paper titled "Accurate Buffer Overflow Detection via Abstract Payload Execution", by Thomas Toth and Christopher Kruegel, describes a technique for detection of buffer overflow code. It is based on measurement of the maximal execution length of the payload string. As I understand it, they basically estimate the size of the NOP sledge, which tends to be big in the case of a buffer overflow. Is this technique used in available IDS systems for detection of polymorphic shell code?

Ilija
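The maximal-execution-length measurement mentioned in the message above, as an added example that is not part of the original post and is not the paper's code. The opcode table (a handful of 32-bit x86 one-byte instructions plus `jmp rel8`), the threshold and both sample buffers are constructed assumptions; a real detector needs a full disassembler.

```python
# Toy abstract execution: every byte offset is tried as an entry point and the
# longest chain of decodable instructions is the maximal execution length (MEL).
# Assumption: only these opcodes count as valid; anything else ends the chain.
ONE_BYTE = {0x90, 0x98, 0x99, 0xF5, 0xF8, 0xF9, 0xFC} | set(range(0x40, 0x60))
JMP_SHORT = 0xEB  # jmp rel8, displacement relative to the next instruction

def step(buf, pc):
    """Return the offset of the next instruction, or None if buf[pc] is invalid."""
    if not 0 <= pc < len(buf):
        return None
    op = buf[pc]
    if op in ONE_BYTE:
        return pc + 1
    if op == JMP_SHORT and pc + 1 < len(buf):
        rel = buf[pc + 1]
        if rel >= 0x80:          # sign-extend the 8-bit displacement
            rel -= 0x100
        return pc + 2 + rel
    return None

def execution_length(buf, start):
    """Count valid instructions executed from start; stop on invalid byte or loop."""
    seen, pc, count = set(), start, 0
    while pc not in seen:
        nxt = step(buf, pc)
        if nxt is None:
            break
        seen.add(pc)
        count += 1
        pc = nxt
    return count

def mel(buf):
    return max((execution_length(buf, i) for i in range(len(buf))), default=0)

THRESHOLD = 30  # constructed value for this example, not taken from the paper

def suspicious(buf, threshold=THRESHOLD):
    return mel(buf) >= threshold

# Constructed samples: an ordinary request, and a request carrying a long run
# of mixed one-byte instructions (a sled that is not plain 0x90 bytes).
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
SUSPECT = b"GET /" + bytes([0x90, 0x41, 0x4A, 0x99, 0xF8, 0x43]) * 10 + b"\x00\x00"

if __name__ == "__main__":
    for name, buf in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, "MEL =", mel(buf), "flagged =", suspicious(buf))
```

Uppercase ASCII letters decode as valid one-byte instructions, which is why the benign request still has a small non-zero MEL and why the decision is a threshold rather than a simple presence test.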