Abstract
This paper proposes an adaptive intrusion prevention system model, Feedback Learning IPS (FLIPS), which applies a hybrid approach to host security in order to stop binary code injection attacks. It incorporates three major components: an anomaly-based classifier, a signature-based filtering scheme, and a supervision framework that employs Instruction Set Randomization (ISR). ISR can precisely identify injected code; this feedback is used to tune the classifier and the filter, and capturing the injected code allows FLIPS to construct signatures for zero-day exploits. Experimental results show that the model can discard input that is anomalous or that matches known malicious input, effectively protecting the application from attack.
Source
Techniques of Automation and Applications (《自动化技术与应用》)
2011, Issue 4, pp. 24-28 (5 pages)
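Funding
Natural Science Foundation of Heilongjiang Province (No. F2007-06)
Science and Technology Research Project of the Heilongjiang Provincial Department of Education (No. 11531042)
Harbin Key Science and Technology Project (No. 2008AA2CG037)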
Keywords
adaptive
Intrusion Prevention System
anomaly classifier
signature filtering scheme
Instruction Set Randomization