Applied Sciences (Mar 2019)

A VM-Based Detection Framework against Remote Code Execution Attacks for Closed Source Network Devices

  • Youngjoo Shin

Journal volume & issue
Vol. 9, no. 7
p. 1294



Remote code execution attacks against network devices have become a major challenge in securing networking environments. In this paper, we propose a detection framework against remote code execution attacks for closed source network devices using virtualization technologies. Without disturbing a target device in any way, our solution deploys an emulated device as a virtual machine (VM) instance running the same firmware image as the target, with ingress packets mirrored to the emulated device. As a result, remote code execution attacks mounted by maliciously crafted packets will be captured in the memory of the VM. This way, our solution enables successful detection of any kind of intrusion that leaves memory footprints.