Server-side code injection attacks: a historical perspective

Title: Server-side code injection attacks: a historical perspective
Publication Type: Conference Paper
Year of Publication: 2013
Authors: Fritz J, Leita C, Polychronakis M
Conference Name: 16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
Date Published: 10/2013
Publisher: Springer Verlag
Keywords: code injection attacks, intrusion detection, server-side exploits
Abstract:

Server-side code injection attacks used to be one of the main culprits for the spread of malware. A vast amount of research has been devoted to the problem of effectively detecting and analyzing these attacks. Common belief seems to be that these attacks are now a marginal threat compared to other attack vectors such as drive-by downloads and targeted emails. However, information on the complexity and the evolution of the threat landscape in recent years is mostly conjectural. This paper builds upon five years of data collected by a honeypot deployment that provides a unique, long-term perspective obtained by traffic monitoring at the premises of different organizations and networks. Our contributions are twofold: first, we look at the characteristics of the threat landscape and at the major changes that have happened in the last five years; second, we observe the impact of these characteristics on the insights provided by various approaches proposed in previous research. The analysis underlines important findings that are instrumental in driving best practices and future research directions.