Packet vaccine

Authors: XiaoFeng Wang, Zhuowei Li, Jun Xu, Michael K. Reiter, Chongkyung Kil

DOI: 10.1145/1180405.1180412

Keywords:

Abstract: In biology, a vaccine is a weakened strain of a virus or bacterium that is intentionally injected into the body for the purpose of stimulating antibody production. Inspired by this idea, we propose a packet vaccine mechanism that randomizes address-like strings in packet payloads to carry out fast exploit detection, vulnerability diagnosis and signature generation. An exploit with a randomized jump address behaves like a vaccine: it will likely cause an exception in a vulnerable program's process when attempting to hijack the control flow, and thereby expose itself. Taking that exploit as a template, our signature generator creates a set of new vaccines to probe the program, in an attempt to uncover the necessary conditions for the exploit to happen. A signature is built upon these conditions to shield the underlying vulnerability from further attacks. In this way, packet vaccine detects and filters exploits in a black-box fashion, i.e., avoiding the expense of tracking the program's execution flow. We present the design of the packet vaccine mechanism and an example of its application. We also describe our proof-of-concept implementation and the evaluation of our technique using real exploits.
