Abstract: Attackers usually change a program's control flow by modifying a function's return address or a function's entry address. Based on this characteristic and on the structure of ELF files, certain specific information is processed when a function is called and when it returns, in order to detect attacks. Using the API functions provided by Pin, a dynamic program monitoring platform, a runtime monitoring tool is written, and a method for real-time detection of buffer overflow attacks is proposed. Case analysis shows that the method requires no modification of existing software or hardware systems.
Key words: program monitoring, buffer overflow, Global Offset Table (GOT), real-time detection
史胜利 (SHI Sheng-Li), 任平安 (REN Ping-An). Real-time Detection Method of Buffer Overflow Attacks[J]. Computer Engineering (计算机工程), 2011, 37(10): 111-113.
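The two checks the abstract describes, as an added C example that is not code from the paper: it replays a constructed call/return trace in the order an instrumentation callback would see it, checking PLT call targets against a GOT baseline and return targets against a private copy of the return address. It assumes the "specific information" is that private copy plus the GOT baseline; `struct event`, `monitor()` and all addresses are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

enum kind { EV_CALL, EV_RET };
enum verdict { V_OK, V_RET_MISMATCH, V_GOT_TAMPERED, V_SHADOW_ERROR };
struct event {          /* one record per instrumented call or return */
    enum kind kind;
    uint64_t target;    /* CALL: callee entry reached; RET: address returned to */
    uint64_t ret_addr;  /* CALL: address following the call instruction */
    int got_slot;       /* CALL through the PLT: GOT index used; -1 otherwise */
};
#define DEPTH 64

/* Replays a trace; returns the first violation and stores its index in *at. */
enum verdict monitor(const struct event *tr, size_t n, const uint64_t *got, size_t *at)
{
    uint64_t shadow[DEPTH];
    size_t sp = 0;
    for (size_t i = 0; i < n; i++) {
        *at = i;
        if (tr[i].kind == EV_CALL) {
            /* Entry check: a PLT call must reach the address recorded in the
               baseline GOT (assumed taken after binding, e.g. LD_BIND_NOW=1). */
            if (tr[i].got_slot >= 0 && got[tr[i].got_slot] != tr[i].target)
                return V_GOT_TAMPERED;
            if (sp == DEPTH) return V_SHADOW_ERROR;  /* nesting deeper than modelled */
            shadow[sp++] = tr[i].ret_addr;           /* private copy of return address */
        } else {
            if (sp == 0) return V_SHADOW_ERROR;      /* return without a matching call */
            if (shadow[--sp] != tr[i].target)        /* on-stack copy was overwritten */
                return V_RET_MISMATCH;
        }
    }
    *at = n;
    return V_OK;
}

/* Constructed sample data: every address below is made up for illustration. */
const uint64_t GOT_BASE[] = { 0x7f0000001000, 0x7f0000002000 };
const struct event BENIGN[] = {
    { EV_CALL, 0x401200, 0x401105, -1 }, { EV_CALL, 0x7f0000001000, 0x401230, 0 },
    { EV_RET, 0x401230, 0, -1 },         { EV_RET, 0x401105, 0, -1 } };
const struct event SMASHED[] = {   /* return lands on an address that was never saved */
    { EV_CALL, 0x401200, 0x401105, -1 }, { EV_RET, 0x601060, 0, -1 } };
const struct event HIJACKED[] = {  /* GOT slot 1 no longer leads to its baseline target */
    { EV_CALL, 0x401200, 0x401105, -1 }, { EV_CALL, 0x601060, 0x401230, 1 } };

int main(void) { size_t at; return monitor(BENIGN, 4, GOT_BASE, &at) != V_OK; }
```

Programs that unwind with `longjmp` or exceptions return without a matching `ret`, so a tool applying this check to real binaries has to resynchronise the shadow copy on such non-local exits.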