Detection of
Stack-based overflows by network-based IDS
¨Match
signatures associated with NOP sleds
¨Identify
typical machine language exploit code to get attackers’ commands
executed
¨Look
for frequently used return pointers associated with popular buffer
overflows