Automated Vulnerability Assessment and Intrusion for Server Vulnerabilities

Many invasions against severs of campus-networks occurred in recent years. Such attacks obtained unauthorized privileges or promoted authority levels by exploiting vulnerabilities in servers’ operating system or software applications. We studied this kind of attacks and proposed an automated mining and assessing method by using FTP server vulnerabilities as an example. Our proposed method provides a general approach to discover safety vulnerabilities in server applications. It covers solutions in details from creating and sending abnormal data, to monitoring and fault isolation. The method can be easily port to other internet-facing server applications.