A VM-Based Detection Framework against Remote Code Execution Attacks for Closed Source Network Devices

Bibliographic Details
Main Author: Youngjoo Shin
Format: Article
Language: English
Published: MDPI AG 2019-03-01
Series: Applied Sciences
Online Access: https://www.mdpi.com/2076-3417/9/7/1294
Description
Summary: Remote code execution attacks against network devices have become major challenges in securing networking environments. In this paper, we propose a detection framework against remote code execution attacks for closed source network devices using virtualization technologies. Without disturbing a target device in any way, our solution deploys an emulated device as a virtual machine (VM) instance running the same firmware image as the target in a way that ingress packets are mirrored to the emulated device. By doing so, remote code execution attacks mounted by maliciously crafted packets will be captured in memory of the VM. This way, our solution enables successful detection of any kind of intrusion that leaves memory footprints.
ISSN: 2076-3417