
Active Defense Against Code Injection Attacks

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8650-10-M-1761
Agency Tracking Number: O092-IA1-1015
Amount: $99,620.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: OSD09-IA1
Solicitation Number: 2009.2
Timeline
Solicitation Year: 2009
Award Year: 2009
Award Start Date (Proposal Award Date): 2009-11-16
Award End Date (Contract End Date): 2010-08-16
Small Business Information
421 SW Sixth Avenue Suite 300
Portland, OR 97204
United States
DUNS: 098009918
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Louis Testa
 Project Lead
 (503) 626-6616
 louis@galois.com
Business Contact
 Jodee LeRoux
Title: Contracts
Phone: (503) 626-6616
Email: jodee@galois.com
Research Institution
N/A
Abstract

The threat posed by remote cyber attacks has grown every year, with nation-state attacks being the hardest to detect and blunt. A common cyber attack method against remote systems is the code injection attack, where the attacker finds flaws in a remote application and then forces the application to execute injected code. Code injection attacks can give the attacker unlimited access to the attacked system and thereby an entryway into a secure network. An attacker will often follow this attack by leaving software that will allow for unlimited future access. Code injection attacks can be very difficult to detect, as they often use program flaws not known to the security community. These attacks continue to be developed to get around current defense mechanisms: signature detection and spectrum analysis. A more general approach of identifying and catching these attacks in progress is needed. We propose investigating a code injection attack detector based on abstract interpretation which would catch new types of attacks before they are publicly known. This detector would be combined with an active defense mechanism that could be configured to block the attacks while allowing a security officer to gather information about the attackers' methods.

* Information listed above is at the time of submission. *
