Title:
Identifying and clustering attack-driven crash reports using machine learning

Author(s)
Alzahrani, Ibtehaj M.
Advisor(s)
Lee, Wenke
Abstract
We propose a tool that distinguishes crashes caused by failed exploits from benign crashes and clusters them by the exploited vulnerability, so that crashes can be prioritized from a security point of view. The tool extracts features from crash reports and decides whether a crash was caused by malicious behavior or not. In the case of malicious behavior, it identifies the attack type that generated the crash report; we focus on four attack types: Heap exploitation, Shellcode injection, Format String attack, and Return Oriented Programming. Further, it clusters the crash reports based on the exploited vulnerabilities.
Date Issued
2019-04-26
Resource Type
Text
Resource Subtype
Thesis