A VM-Based Detection Framework against Remote Code Execution Attacks for Closed Source Network Devices

Youngjoo Shin

doi:10.3390/app9071294

Applied Sciences (Mar 2019)

A VM-Based Detection Framework against Remote Code Execution Attacks for Closed Source Network Devices

Youngjoo Shin

Affiliations

Youngjoo Shin: School of Computer and Information Engineering, Kwangwoon University, 20 Kwangwoon-ro, Nowon-gu, Seoul 01897, Korea

DOI: https://doi.org/10.3390/app9071294
Journal volume & issue: Vol. 9, no. 7
p. 1294

Abstract

Read online

Remote code execution attacks against network devices become major challenges in securing networking environments. In this paper, we propose a detection framework against remote code execution attacks for closed source network devices using virtualization technologies. Without disturbing a target device in any way, our solution deploys an emulated device as a virtual machine (VM) instance running the same firmware image as the target in a way that ingress packets are mirrored to the emulated device. By doing so, remote code execution attacks mounted by maliciously crafted packets will be captured in memory of the VM. This way, our solution enables successful detection of any kind of intrusions that leaves memory footprints.

Published in Applied Sciences

ISSN: 2076-3417 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Engineering (General). Civil engineering (General); Science: Biology (General); Science: Physics; Science: Chemistry
Website: http://www.mdpi.com/journal/applsci

About the journal

Abstract

Keywords