Identifying and clustering attack-driven crash reports using machine learning

Alzahrani, Ibtehaj M.

View/Open

ALZAHRANI-THESIS-2019.pdf (631.3Kb)

Date

2019-04-26

Author

Alzahrani, Ibtehaj M.

Metadata

Show full item record

Abstract

We propose a tool to identify crashes caused by filed exploits from benign crashes, and cluster them based on the exploited vulnerabilities to prioritize crashes from a security point of view. The tool extracts features from crash reports and decides whether a crash caused by malicious behavior or not. In the case of malicious behavior, it identifies the attack type that generates the crash report; we are focusing on four attack types which are Heap exploitation, Shellcode injection, Format String attack, and Return Oriented Programming. Further, it clusters the crash reports based on the exploited vulnerabilities.

URI

http://hdl.handle.net/1853/62701

Collections

College of Computing Theses and Dissertations [1156]
Georgia Tech Theses and Dissertations [23406]