| 基于诱捕的软件异常检测综述 |
| |
| 作者姓名: | 傅建明 刘畅 解梦飞 罗陈可 |
| |
| 作者单位: | 1. 空天信息安全与可信计算教育部重点实验室,湖北 武汉 430072;2. 武汉大学国家网络安全学院,湖北 武汉 430072 |
| |
| 基金项目: | 国家自然科学基金(61972297);国家自然科学基金(62172308);国家自然科学基金(62172144) |
| |
| 摘 要: | 高级持续威胁(APT,advanced persistent threats)会使用漏洞实现攻击代码的自动加载和攻击行为的隐藏,并通过复用代码攻击绕过堆栈的不可执行限制,这是网络安全的重要威胁.传统的控制流完整性和地址随机化技术虽然有效抑制了APT的步伐,但软件的复杂性和攻击演化使软件仍存在被攻击的时间窗口.为此,以资...
|
| 关 键 词: | 高级持续威胁 代码复用攻击 控制流完整性 地址随机化 诱捕防御 |
Survey of software anomaly detection based on deception |
| |
| Authors: | Jianming FU Chang LIU Mengfei XIE Chenke LUO |
| |
| Affiliation: | 1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, China;2. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China |
| |
| Abstract: | Advanced persistent threats (APT) will use vulnerabilities to automatically load attack code and hide attack behavior, and exploits code reuse to bypass the non-executable stack & heap protection, which is an essential threat to network security.Traditional control flow integrity and address space randomization technologies have effectively prevented the pace of APT.However, the complexity of the software and the evolution of attacks make the software still being vulnerable.For this reason, deception defense with resources as bait is an indispensable supplement for network security.The trapping mechanism consists of bait design and attack detection, which infer possible unauthorized access or malicious attacks by sensing the interaction behavior with the bait.According to the three types of bait, which are file, data and code, the automatic construction scheme of bait is designed and deployed, and the effectiveness of bait is measured from the aspects of believability, detectability and enticement, etc.Ransom ware detection based on deception defense focuses on the deployment location of bait files, and in the area of vulnerability detection, code reuse attacks are detected by injecting bait code.Research work related to the implementation of deception defense in each phase of APT attacks was introduced, and the mechanism of deception defense from bait type, bait generation, bait deployment, and bait measurement was described.Simultaneously, deception defense applications in ransom ware detection, vulnerability detection, and Web security were analyzed.In response to the shortcomings of existing ransom ware detection research in terms of bait file design and deployment, a dynamic update method of bait for ransom ware detection was proposed.The deception defense challenges were discussed and hoped that deception defense can provide theoretical and technical support for discovering unknown attacks and attack attribution. |
| |
| Keywords: | advanced persistent threat code reuse attack control flow integrity address randomization deception defense |
|
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
|
