作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2009, Vol. 35 ›› Issue (6): 156-158. doi: 10.3969/j.issn.1000-3428.2009.06.054

• 安全技术 • 上一篇    下一篇

基于进程执行轮廓的缓冲区溢出攻击效果检测

苏 朋,陈性元,唐慧林,祝 宁   

  1. (解放军信息工程大学电子技术学院,郑州 450004)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-03-20 发布日期:2009-03-20

Buffer Overflow Attack Impact Detection Based on Process Execution Profile

SU Peng, CHEN Xing-yuan, TANG Hui-lin, ZHU Ning   

  1. (Institute of Electronic Technology, PLA Information Engineering University, Zhengzhou 450004)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-03-20 Published:2009-03-20

摘要: 缓冲区溢出攻击效果检测对缓冲区溢出安全防御工作具有重要意义,该文分析进程与Windows Native API的关系,以Windows Native API为数据源进行攻击效果检测。提出执行轮廓的概念及其建立方法,在分析缓冲区溢出攻击效果的基础上,提出基于进程执行轮廓的缓冲区溢出攻击效果检测方法,实验结果表明该方法的有效性。

关键词: 缓冲区溢出攻击, 攻击效果检测, 进程执行轮廓, Windows系统服务

Abstract: Attack impact detection is important to the defence of buffer overflow attack. Windows Native APIs are proper data resource of attack impact detection. This paper proposes the concept of execution profile and the establishment method. Through the analysis of buffer overflow attack impact, buffer overflow attack impact detection based on process execution profile is proposed. Experiment illustrates this method is valid.

Key words: buffer overflow attack, attack impact detection, process execution profile, Windows Native API

中图分类号: