
Remote buffer attack detection method based on code execution simulation (cited by: 1)

A new approach of network buffer overflow detection based on code execution simulation
Abstract: This paper analyzes the principles and methods of buffer overflow attacks and proposes a new general method, Code Execution Simulation (CES), for detecting remote buffer overflows on the network. The method uses code execution simulation to compute the maximum length of the executable code sequences contained in network packets. Experiments show that the method quickly and effectively detects classical remote buffer overflow attacks and can also detect polymorphic shellcode.
Source: Journal of Harbin Institute of Technology (indexed in EI, CAS, CSCD, Peking University Core Journals), 2007, No. 9, pp. 1436-1439 (4 pages)
Funding: National Natural Science Foundation of China (60403033)
Keywords: remote buffer overflow; worm; network detection; code execution simulation; polymorphic shellcode
