
Vulnerability exploitation is the key to obtaining control authority over a system and poses a significant threat to network security, so it is necessary to discover exploitation from traffic. Current methods usually target only a single stage, which leaves the causal relationship incomplete, and depend on the payload content, so an attacker can easily avoid detection by encrypting traffic or by other means. To solve these problems, we propose a traffic traceback method for vulnerability exploitation based on session relations. First, we construct the session relationship model using the session correlation of the different stages of an exploit. Second, we build a session diagram from historical traffic. Finally, we traverse the session diagram to find the traffic that conforms to the session relationship model. Compared with Blatta, a method that detects early exploit traffic with an RNN, our method increases the detection rate by 50% and is independent of traffic encryption methods.


Exploit, Malicious Traffic Detection, Session Relationship, Traffic Analysis.