Attack Trends

by analyzing them, we can assess the incident's impact and the attackers' skills and intent. We can build an entire taxonomy of attacks by understanding these programs' technical capabilities and their connection to those who develop and use them. For the past decade, exploit tools have signaled the evolution of a community of adversaries comprising numerous inexperienced and unskilled "ankle biters"—commonly referred to as script kiddies—and a few experienced, technically savvy attackers. Exploit programs are telltale signs of attackers' sophistication: if studied meticulously, they can provide insight into current and future trends.

Webster's dictionary defines the verb exploit as "to use or manipulate to one's advantage." In the context of information security, we translate this to mean taking advantage of a vulnerable system in a way that subsequently affects the system's security. Recognizing that attackers use exploit code as a weapon, we must understand how exploits work and what they're used for.

The simplest form of exploit program is known as the proof-of-concept (POC) exploit. Its only goal is to demonstrate without a doubt that a security flaw exists, often by causing the vulnerable program to malfunction in a noticeable manner, such as terminating prematurely or abnormally. To prove not only that a given software bug exists but also that attackers could exploit it for specific purposes, the writer of a POC exploit generally turns to what software vendors and security researchers refer to as "execution of arbitrary code on the vulnerable system" to demonstrate that an outsider can execute commands on affected systems.

Exploit tools are artifacts that let attackers fulfill their intentions beyond simply demonstrating that a software flaw exists. From the exploit developer's viewpoint, an exploit must be able to use a given vulnerability to achieve a specific goal, while coping with the vulnerable system's operational characteristics, including network topology, running environment, and security countermeasures. Studying exploits furnished by researchers or found "in the wild" on compromised systems can provide valuable information about the technical skills, degree of experience, and intent of the attackers who developed or used them. Using this information, we can implement measures to detect and prevent attacks. (Note that those who use an exploit are not necessarily the designers or developers. This becomes evident when attackers' actions during a network security compromise are not on par with the experience and …
