
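NIDS Detection Techniques Against Shellcode Polymorphic Evasion
Cite this article: Chen Yue, Xue Zhi, Wang Yijun. NIDS Detection Techniques Against Shellcode Polymorphic Evasion[J]. 信息安全与通信保密 (China Information Security), 2007, 0(1): 99-103
Authors: Chen Yue, Xue Zhi, Wang Yijun
Affiliation: School of Information Security, Shanghai Jiao Tong University, Shanghai 200030
Abstract: At present, buffer overflow attacks remain one of the most common and effective forms of attack on networks, seen both in manual attacks by malicious attackers and in the autonomous attacks of viruses and worms. With the development of NIDS, ordinary buffer overflow attacks can be detected by means of shellcode matching. However, the emergence of shellcode polymorphism techniques has given buffer overflow attacks the ability to evade NIDS detection. Building on the traditional detection techniques of NIDS, the paper studies the various shellcode polymorphism methods in detail, proposes targeted detection techniques, and looks ahead to future directions.

Keywords: intrusion detection; polymorphism techniques; evasion techniques
Article number: 1009-8054(2007)01-0099-05
Revision date: 2006-06-02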

Apply NIDS Technology to Detect Polymorphic Shellcode Evading
Chen Yue, Xue Zhi, Wang Yijun. Apply NIDS Technology to Detect Polymorphic Shellcode Evading[J]. China Information Security, 2007, 0(1): 99-103
Authors: Chen Yue, Xue Zhi, Wang Yijun
Abstract: At present, buffer overflow still stands as one of the most prevalent and efficient ways to attack network systems. It usually results from manual attacks by hackers and self-propagating attacks by worms or viruses. With the development of NIDS, it is feasible to detect buffer overflow attacks by simple shellcode pattern-matching. However, the appearance of shellcode polymorphism enables shellcode to evade NIDS detection. This paper details a variety of shellcode polymorphism techniques used against traditional IDS detection methods and presents new techniques and directions for detecting polymorphic shellcode.
Keywords: Shellcode
This article is indexed in CNKI, Wanfang Data (万方数据) and other databases.