| 基于进程执行轮廓的缓冲区溢出攻击效果检测 |
| |
| 引用本文: | 苏朋,陈性元,唐慧林,祝宁. 基于进程执行轮廓的缓冲区溢出攻击效果检测[J]. 计算机工程, 2009, 35(6): 156-158 |
| |
| 作者姓名: | 苏朋 陈性元 唐慧林 祝宁 |
| |
| 作者单位: | 解放军信息工程大学电子技术学院,郑州,450004;解放军信息工程大学电子技术学院,郑州,450004;解放军信息工程大学电子技术学院,郑州,450004;解放军信息工程大学电子技术学院,郑州,450004 |
| |
| 摘 要: | 缓冲区溢出攻击效果检测对缓冲区溢出安全防御工作具有重要意义,该文分析进程与Windows NativeAPI的关系,以Windows NativeAPI为数据源进行攻击效果检测。提出执行轮廓的概念及其建立方法,在分析缓冲区溢出攻击效果的基础上,提出基于进程执行轮廓的缓冲区溢出攻击效果检测方法,实验结果表明该方法的有效性。
|
| 关 键 词: | 缓冲区溢出攻击 攻击效果检测 进程执行轮廓 Windows系统服务 |
| 修稿时间: | |
Buffer Overflow Attack Impact Detection Based on Process Execution Profile |
| |
| SU Peng,CHEN Xing-yuan,TANG Hui-lin,ZHU Ning. Buffer Overflow Attack Impact Detection Based on Process Execution Profile[J]. Computer Engineering, 2009, 35(6): 156-158 |
| |
| Authors: | SU Peng CHEN Xing-yuan TANG Hui-lin ZHU Ning |
| |
| Affiliation: | Institute of Electronic Technology;PLA Information Engineering University;Zhengzhou 450004 |
| |
| Abstract: | Attack impact detection is important to the defence of buffer overflow attack. Windows Native APIs are proper data resource of attack impact detection. This paper proposes the concept of execution profile and the establishment method. Through the analysis of buffer overflow attack impact, buffer overflow attack impact detection based on process execution profile is proposed. Experiment illustrates this method is valid. |
| |
| Keywords: | buffer overflow attack attack impact detection process execution profile Windows Native API |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
