
Hybrid Adaptive Intrusion Prevention
Abstract: This paper proposes an adaptive intrusion prevention system model, Feedback Learning IPS (FLIPS), which applies a hybrid approach to host security to prevent binary code injection attacks. It incorporates three major components: an anomaly-based classifier, a signature-based filtering scheme, and a supervision framework that employs Instruction Set Randomization (ISR). ISR can precisely identify injected code; the classifier and the filter are tuned on the basis of this feedback, and capturing the injected code allows FLIPS to construct signatures for zero-day exploits. Experimental results show that the model can discard input that is anomalous or matches known malicious input, effectively protecting the application from attack.

Authors: 乔佩利 (Qiao Peili), 韩伟 (Han Wei)

Source: Techniques of Automation and Applications (《自动化技术与应用》), 2011, No. 4, pp. 24-28 (5 pages)

Funding: Natural Science Foundation of Heilongjiang Province (No. F2007-06); Science and Technology Research Project of the Heilongjiang Provincial Department of Education (No. 11531042); Harbin Science and Technology Key Project (No. 2008AA2CG037)

Keywords: adaptive; intrusion prevention system; anomaly classifier; signature filtering scheme; Instruction Set Randomization