Abstract:
Attack impact detection is important to the defence of buffer overflow attack. Windows Native APIs are proper data resource of attack impact detection. This paper proposes the concept of execution profile and the establishment method. Through the analysis of buffer overflow attack impact, buffer overflow attack impact detection based on process execution profile is proposed. Experiment illustrates this method is valid.
Key words:
buffer overflow attack,
attack impact detection,
process execution profile,
Windows Native API
摘要: 缓冲区溢出攻击效果检测对缓冲区溢出安全防御工作具有重要意义,该文分析进程与Windows Native API的关系,以Windows Native API为数据源进行攻击效果检测。提出执行轮廓的概念及其建立方法,在分析缓冲区溢出攻击效果的基础上,提出基于进程执行轮廓的缓冲区溢出攻击效果检测方法,实验结果表明该方法的有效性。
关键词:
缓冲区溢出攻击,
攻击效果检测,
进程执行轮廓,
Windows系统服务
CLC Number:
SU Peng; CHEN Xing-yuan; TANG Hui-lin; ZHU Ning. Buffer Overflow Attack Impact Detection Based on Process Execution Profile[J]. Computer Engineering, 2009, 35(6): 156-158.
苏 朋;陈性元;唐慧林;祝 宁. 基于进程执行轮廓的缓冲区溢出攻击效果检测[J]. 计算机工程, 2009, 35(6): 156-158.