共查询到20条相似文献,搜索用时 31 毫秒
1.
章力源 《数字社区&智能家居》2010,6(10):2544-2549
A common way to gain control of victim hosts is to launch buffer overflow attacks by remote exploits.This paper proposes a behavior-based buffer overflow attacker blocker,which can dynamically detect and prevent remote buffer overflow attacks by filtering out the client requests that contain malicious executable codes.An important advantage of this approach is that it can block the attack before the exploit code begins affecting the target program.The blocker is composed of three major components,packet dec... 相似文献
2.
3.
4.
Nebenzahl D. Sagiv M. Wool A. 《Dependable and Secure Computing, IEEE Transactions on》2006,3(1):78-90
Stack smashing is still one of the most popular techniques for computer system attack. In this work, we present an anti-stack-smashing defense technique for Microsoft Windows systems. Our approach works at install-time, and does not rely on having access to the source-code: The user decides when and which executables to vaccinate. Our technique consists of instrumenting a given executable with a mechanism to detect stack smashing attacks. We developed a prototype implementing our technique and verified that it successfully defends against actual exploit code. We then extended our prototype to vaccinate DLLs, multithreaded applications, and DLLs used by multithreaded applications, which present significant additional complications. We present promising performance results measured on SPEC2000 benchmarks: Vaccinated executables were no more than 8 percent slower than their un-vaccinated originals. 相似文献
5.
ZHANG Chuan-juan 《数字社区&智能家居》2008,(36)
基于缓冲区溢出的攻击是一种常见的安全攻击手段,也是目前惟一最重要最常见的安全威胁。在所有的软件安全漏洞中,缓冲区溢出漏洞大约占一半。该文从编程的角度分析了缓冲区溢出攻击,并提出在源代码阶段尽量避免缓冲区溢出的方法。 相似文献
6.
7.
代码注入攻击是应用程序面临的一种主要安全威胁,尤其是Web应用程序,该种攻击源于攻击者能够利用应用程序存在的漏洞/后门,向服务器端注入恶意程序并执行,或者利用应用程序对用户输入的参数缺乏验证和过滤,造成输入作为恶意程序执行,从而达到攻击目的。源程序分析和输入规则匹配等现有防御方法在面对代码注入攻击时都存在着固有缺陷,为了提高Web应用程序对于代码注入攻击的防御性,提出一种基于指令集随机化的抗代码注入方法,该防御方法不依赖于攻击者采用何种攻击方式,能够抵御未知的代码注入攻击。基于该技术及动态、冗余构造方法,设计一套原型系统,采用广义随机Petri网(Generalized Stochastic Petri Net,GSPN)建模计算,攻击者即使在获得随机化方法先验知识的情况下也极难突破系统的防御机制。尽管该方法需要对应用程序源代码进行随机化变换,但处理过程是完全自动化和具有普适性的,通过实验和现网测试表明该方法能够有效抵御大部分代码注入攻击,实现了对攻击的主动防御。 相似文献
8.
缓冲区溢出漏洞分析技术研究进展 总被引:3,自引:0,他引:3
本文首先介绍了缓冲区溢出漏洞危害的严重性和广泛性,然后从如何利用缓冲区溢出漏洞的角度,依次介绍了缓冲区溢出漏洞的定义、操作系统内存组织方式以及缓冲区溢出攻击方式.本文将缓冲区溢出分析技术分为三类:自动检测、自动修复、以及运行时防护,并对每一类技术进行了介绍、分析和讨论.最后,对相关工作进行了总结,并讨论了缓冲区溢出分析领域未来可能的三个研究方向:(1)对二进制代码进行分析.(2)结合机器学习算法进行分析.(3)综合利用多种技术进行分析. 相似文献
9.
10.
缓冲区溢出攻击已经成为网络攻击的主要方式。本文首先分析了缓冲区溢出攻击的基本原理,然后分析了形成缓冲区溢出攻击的必要条件,并详细讨论了溢出攻击的防护技术。 相似文献
11.
分析目前缓冲区溢出攻击的弱点,提出一种新的攻击方法。通过抽象缓冲区溢出攻击的规律,分析植入代码的结构特征,给出缓冲区溢出攻击描述语言的文法。对于不同的缓冲区溢出漏洞,攻击描述语言能够动态地构造植入代码,实现攻击的自动化。 相似文献
12.
为了验证WehnTrust是否具有预期的检测和防御缓冲区溢出攻击的性能,设计了相关实验对其进行了测试.对该入侵防御系统的源代码进行了分析、调试,在此基础上,使用开源溢出框架Metasploit Framework进行了5种攻击实验,并针对WehnTrust所具有的特性,搭建实验环境,模拟进行了C++虚函数攻击实验、结构... 相似文献
13.
Thibault Cholez Isabelle Chrisment Olivier Festor Guillaume Doyen 《Peer-to-Peer Networking and Applications》2013,6(2):155-174
Several large scale P2P networks operating on the Internet are based on a Distributed Hash Table. These networks offer valuable services, but they all suffer from a critical issue allowing malicious nodes to be inserted in specific places on the DHT for undesirable purposes (monitoring, distributed denial of service, pollution, etc.). While several attacks and attack scenarios have been documented, few studies have measured the actual deployment of such attacks and none of the documented countermeasures have been tested for compatibility with an already deployed network. In this article, we focus on the KAD network. Based on large scale monitoring campaigns, we show that the world-wide deployed KAD network suffers large number of suspicious insertions around shared contents and we quantify them. To cope with these peers, we propose a new efficient protection algorithm based on analyzing the distribution of the peers’ ID found around an entry after a DHT lookup. We evaluate our solution and show that it detects the most efficient configurations of inserted peers with a very small false-negative rate, and that the countermeasures successfully filter almost all the suspicious peers. We demonstrate the direct applicability of our approach by implementing and testing our solution in real P2P networks. 相似文献
14.
网络安全是当今计算机网络研究的热点,而基于缓冲区溢出的网络渗透技术则是严重威胁网络安全的行为之一.详细介绍了缓冲区溢出的原理,并采用跳转指令的方法阐述了Widows环境下缓冲区溢出的实现过程,最后探讨了相关的防范措施,对于有效防范缓冲区溢出攻击有着积极的作用. 相似文献
15.
缓冲区溢出脆弱性检测和预防技术综述 总被引:1,自引:0,他引:1
利用缓冲区溢出脆弱性进行攻击,是网络攻击中最常见和最危险的攻击方法。为解决缓冲区溢出脆弱性问题,在研究和商业领域提出了各种各样的方案。本文首先将缓冲区溢出脆弱性检测和预防技术划分成9大类;然后研究了每一类技术的原理、特性、适用范围和优缺点等;最后分析讨论了整个缓冲区溢出脆弱性检测和预防技术。 相似文献
16.
Vista的抵御缓冲区溢出攻击技术研究* 总被引:1,自引:0,他引:1
缓冲区溢出攻击是一种在互联网时代被广泛利用并危害严重的主要攻击方式。分析了缓冲区溢出攻击的基本原理,总结了缓冲区溢出攻击的关键步骤,并研究分析了Windows Vista的抵御缓冲区溢出攻击的四种关键技术,包括地址空间配置随机化(ASLR)、数据执行保护(DEP)、GS栈保护和安全(structured exception handling, SEH)等技术;最后对Windows Vista抵御缓冲区溢出的整体效果进行了分析,指出了Vista仍然不能完全抵御缓冲区溢出攻击。 相似文献
17.
Web servers are usually located in a well-organized data center where these servers connect with the outside Internet directly through backbones. Meanwhile, the application-layer distributed denials of service (AL-DDoS) attacks are critical threats to the Internet, particularly to those business web servers. Currently, there are some methods designed to handle the AL-DDoS attacks, but most of them cannot be used in heavy backbones. In this paper, we propose a new method to detect AL-DDoS attacks. Our work distinguishes itself from previous methods by considering AL-DDoS attack detection in heavy backbone traffic. Besides, the detection of AL-DDoS attacks is easily misled by flash crowd traffic. In order to overcome this problem, our proposed method constructs a Real-time Frequency Vector (RFV) and real-timely characterizes the traffic as a set of models. By examining the entropy of AL-DDoS attacks and flash crowds, these models can be used to recognize the real AL-DDoS attacks. We integrate the above detection principles into a modularized defense architecture, which consists of a head-end sensor, a detection module and a traffic filter. With a swift AL-DDoS detection speed, the filter is capable of letting the legitimate requests through but the attack traffic is stopped. In the experiment, we adopt certain episodes of real traffic from Sina and Taobao to evaluate our AL-DDoS detection method and architecture. Compared with previous methods, the results show that our approach is very effective in defending AL-DDoS attacks at backbones. 相似文献
18.
Hop is a multi-tier programming language where the behavior of interacting servers and clients are expressed by a single program. Hop adheres to the standard web programming style where servers elaborate HTML pages containing JavaScript code. This JavaScript code responds locally to user’s interactions but also (following the so-called Ajax style) requests services from remote servers. These services bring back new HTML fragments containing additional JavaScript code replacing or modifying the state of the client. This paper presents a continuation-based denotational semantics for a sequential subset of Hop. Though restricted to a single server and a single client, this semantics takes into account the key feature of Hop namely that the server elaborates client code to be run in the client’s browser. This new client-code dynamically requests services from the server which, again, elaborate new client code to be run in the client’s browser. This semantics details the programming model advocated by Hop and provides a sound basis for future studies such as security of web applications and web continuations. 相似文献
19.
Currently, security-critical server programs are well protected by various defense techniques, such as Address Space Layout Randomization(ASLR), eXecute Only Memory(XOM), and Data Execution Prevention(DEP), against modern code-reuse attacks like Return-oriented Programming(ROP) attacks. Moreover, in these victim programs, most syscall instructions lack the following ret instructions, which prevents attacks to stitch multiple system calls to implement advanced behaviors like launching a remote shell. Lacking this kind of gadget greatly constrains the capability of code-reuse attacks. This paper proposes a novel code-reuse attack method called Signal Enhanced Blind Return Oriented Programming(SeBROP) to address these challenges. Our SeBROP can initiate a successful exploit to server-side programs using only a stack overflow vulnerability. By leveraging a side-channel that exists in the victim program, we show how to find a variety of gadgets blindly without any pre-knowledges or reading/disassembling the code segment. Then, we propose a technique that exploits the current vulnerable signal checking mechanism to realize the execution flow control even when ret instructions are absent. Our technique can stitch a number of system calls without returns, which is more superior to conventional ROP attacks. Finally, the SeBROP attack precisely identifies many useful gadgets to constitute a Turing-complete set. SeBROP attack can defeat almost all state-of-the-art defense techniques. The SeBROP attack is compatible with both modern 64-bit and 32-bit systems. To validate its effectiveness, We craft three exploits of the SeBROP attack for three real-world applications, i.e., 32-bit Apache 1.3.49, 32-bit ProFTPD 1.3.0, and 64-bit Nginx 1.4.0. Experimental results demonstrate that the SeBROP attack can successfully spawn a remote shell on Nginx, ProFTPD, and Apache with less than 8500/4300/2100 requests, respectively. 相似文献