Detecting remote exploits ising data mining

Mohammad Masud, Latifur Khan, Bhavani Thuraisingham, Xinran Wang, Peng Liu, Sencun Zhu

Research output: Chapter in Book/Report/Conference proceedingChapter

7 Citations (Scopus)


This paper describes the design and implementation of DExtor, a datamining-based exploit code detector that protects network services. DExtor operates under the assumption that normal traffic to network services contains only data whereas exploits contain code. The system is first trained with real data containing exploit code and normal traffic. Once it is trained, DExtor is deployed between a web service and its gateway or firewall, where it operates at the application layer to detect and block exploit code in real time. Tests using large volumes of normal and attack traffic demonstrate that DExtor can detect almost all the exploit code with negligible false alarm rates.

Original languageEnglish
Title of host publicationAdvances in Digital Forensics IV
EditorsPedro Cuenca, Carlos Guerrero, Ramon Puigjaner, Bartomeu Serra
Number of pages13
Publication statusPublished - 2008
Externally publishedYes

Publication series

NameIFIP International Federation for Information Processing
ISSN (Print)1571-5736


  • Attack detection
  • Data mining
  • Exploit code
  • Server attacks

ASJC Scopus subject areas

  • Information Systems and Management


Dive into the research topics of 'Detecting remote exploits ising data mining'. Together they form a unique fingerprint.

Cite this