IDS mailing list archives

Buffer overflow detection


From: Ilija Basicevic <ilibasic () safe-mail net>
Date: 30 Jun 2004 23:40:15 -0000



The paper titled
"Accurate Buffer Overflow Detection via Abstract Payload Execution,"
by Thomas Toth and Christopher Kruegel,
describes a technique for the detection of buffer overflow code.
It is based on measurement of the maximal execution length of the payload
string.
As I understand it, they basically estimate the size of the NOP sledge,
which tends to be big in the case of a buffer overflow.

Is this technique used in available IDS systems
for the detection of polymorphic shellcode?

Ilija
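The measurement the post describes, as an added example that is not part of the original post and not code from the paper or from Toth and Kruegel: abstractly "execute" the payload from every byte offset, count how many instructions decode in a row, and report the longest such chain (the maximum executable length). The opcode table is a hand-picked subset of 32-bit x86 constructed for this illustration, the sample inputs are constructed, and the threshold passed to `is_suspicious` is an assumption for the demonstration rather than a value taken from the paper.

```python
"""Toy abstract-payload-execution scorer: for each start offset, count how many
x86 instructions decode back to back (following relative jumps that stay inside
the buffer) and report the longest chain.  A long chain is what a NOP sled
looks like; ordinary text only yields short chains.  The opcode table below is
a deliberately partial subset of 32-bit x86, constructed for this example."""

from typing import Dict, Optional, Set, Tuple

# Operand-free single-byte instructions: inc/dec r32 (0x40-0x4F),
# push/pop r32 (0x50-0x5F), nop, cwde, cdq, cmc, clc, stc, cld, std.
SINGLE_BYTE: Set[int] = set(range(0x40, 0x60)) | {
    0x90, 0x98, 0x99, 0xF5, 0xF8, 0xF9, 0xFC, 0xFD,
}

# Fixed-length instructions carrying an immediate: opcode -> total length.
FIXED_LEN: Dict[int, int] = {0x68: 5, 0x6A: 2, 0xCD: 2}  # push imm32, push imm8, int imm8
FIXED_LEN.update({op: 2 for op in range(0xB0, 0xB8)})    # mov r8, imm8
FIXED_LEN.update({op: 5 for op in range(0xB8, 0xC0)})    # mov r32, imm32

# Relative control transfers: opcode -> (total length, displacement size).
RELATIVE_JUMPS: Dict[int, Tuple[int, int]] = {
    0xEB: (2, 1),  # jmp rel8
    0xE9: (5, 4),  # jmp rel32
    0xE8: (5, 4),  # call rel32
}

# Instructions counted once and then ending the chain (control leaves the buffer).
TERMINATORS: Set[int] = {0xC3, 0xCC}  # ret, int3


def chain_length(buf: bytes, start: int) -> int:
    """Abstractly execute from `start`, counting instructions until we hit an
    undecodable byte, a terminator, a jump out of the buffer, or a loop."""
    count = 0
    visited: Set[int] = set()
    pc: Optional[int] = start
    while pc is not None and 0 <= pc < len(buf) and pc not in visited:
        visited.add(pc)
        op = buf[pc]
        if op in SINGLE_BYTE:
            count += 1
            pc += 1
        elif op in FIXED_LEN:
            length = FIXED_LEN[op]
            if pc + length > len(buf):
                break  # immediate runs past the buffer: undecodable
            count += 1
            pc += length
        elif op in RELATIVE_JUMPS:
            length, disp_size = RELATIVE_JUMPS[op]
            if pc + length > len(buf):
                break
            disp = int.from_bytes(buf[pc + 1:pc + 1 + disp_size], "little", signed=True)
            count += 1
            pc = pc + length + disp  # follow the jump; the loop guard rejects out-of-buffer targets
        elif op in TERMINATORS:
            count += 1
            break
        else:
            break  # not in our (partial) decoder: the chain ends here
    return count


def max_executable_length(buf: bytes) -> int:
    """MEL: the longest instruction chain reachable from any start offset."""
    return max((chain_length(buf, i) for i in range(len(buf))), default=0)


def is_suspicious(buf: bytes, threshold: int) -> bool:
    """Flag a payload whose MEL reaches the caller-supplied threshold."""
    return max_executable_length(buf) >= threshold


if __name__ == "__main__":
    # Constructed samples: an HTTP request line and a 64-byte NOP sled.
    text = b"GET /index.html HTTP/1.0\r\n"
    sled = b"\x90" * 64 + b"\x31\xc0"
    print("text MEL:", max_executable_length(text))   # 5
    print("sled MEL:", max_executable_length(sled))   # 64
```

Note that the request line still decodes into short chains (upper-case ASCII letters are inc/dec/push/pop opcodes), which is exactly why the paper measures a length rather than testing for the mere presence of decodable instructions; the threshold has to separate the few-instruction chains of text from the dozens found in a sled.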
