Reducing false positive indications of buffer overflow attacks

Authors: Carey S. Nachenberg, Sourabh Satish

DOI:

Keywords:

Abstract: Certain events, such as data-input operating system calls, are likely to initiate a buffer overflow attack. A timing module generates timestamps that indicate when possible initiating events occur. Each timestamp is associated with the particular process and/or thread executing on the computer. If subsequent evidence of an attack is detected on the computer, the timestamp is consulted to determine whether an initiating event occurred recently. If there was a recent initiating event, an attack is declared. Evidence of an attack can include receiving a signal from the processor indicating that it was asked to execute an instruction residing in non-executable memory. It can also include detecting an action that malicious software would perform on the computer, such as opening a file or network connection, being performed by
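The correlation the abstract describes, as an added illustration (not code from the patent or from its assignee): data-input calls stamp the calling process/thread, and later evidence (an NX fault, or a suspicious action such as opening a file or socket) raises an alert only if such a stamp is recent; everything else is suppressed as a probable false positive. The set of initiating calls, the evidence kinds, the two-second window, per-thread keying and the sample event stream are all assumptions made for this example; the patent states none of them.

```python
"""Timestamp-gated buffer overflow alerting (illustrative reimplementation,
not the patent's code).  Event names, window length, per-thread keying and
the sample stream below are assumptions for this example."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed: which OS calls count as "initiating" (data input) and which
# observations count as evidence of an attack.
INITIATING_CALLS = frozenset({"read", "recv", "recvfrom", "ReadFile"})
EVIDENCE_KINDS = frozenset({"nx_fault", "open_file", "open_socket"})

# Assumed window: the abstract only says "recently".
DEFAULT_WINDOW_SECONDS = 2.0

Event = Tuple[float, int, int, str]  # (timestamp, pid, tid, kind)


@dataclass
class Alert:
    ts: float
    pid: int
    tid: int
    evidence: str
    initiator_ts: float  # the data-input timestamp that justified the alert


class TimingModule:
    """Records when each (pid, tid) last executed a data-input call."""

    def __init__(self) -> None:
        self._last_input: Dict[Tuple[int, int], float] = {}

    def record(self, ts: float, pid: int, tid: int) -> None:
        self._last_input[(pid, tid)] = ts

    def recent_initiator(self, ts: float, pid: int, tid: int,
                         window: float) -> Optional[float]:
        """Timestamp of the last input call if it fell within `window`
        seconds before `ts` for this thread, else None."""
        last = self._last_input.get((pid, tid))
        if last is None or not (0.0 <= ts - last <= window):
            return None
        return last


def analyze(events: List[Event], window: float = DEFAULT_WINDOW_SECONDS):
    """Replay an event stream; return (alerts, suppressed evidence events)."""
    timing = TimingModule()
    alerts: List[Alert] = []
    suppressed: List[Event] = []
    for ts, pid, tid, kind in sorted(events):
        if kind in INITIATING_CALLS:
            timing.record(ts, pid, tid)
        elif kind in EVIDENCE_KINDS:
            initiator = timing.recent_initiator(ts, pid, tid, window)
            if initiator is None:
                suppressed.append((ts, pid, tid, kind))  # no recent input: likely benign
            else:
                alerts.append(Alert(ts, pid, tid, kind, initiator))
        # any other event kind is ignored
    return alerts, suppressed


# Constructed sample stream (not captured from a real system).
SAMPLE_EVENTS: List[Event] = [
    (10.00, 100, 1, "recv"),         # network input into pid 100 / tid 1 ...
    (10.35, 100, 1, "nx_fault"),     # ... then execution from non-executable memory: alert
    (20.00, 200, 1, "ReadFile"),
    (31.00, 200, 1, "open_socket"),  # 11 s after the last input: ordinary behaviour, suppressed
    (40.00, 300, 1, "nx_fault"),     # no data-input call on this thread at all (e.g. a bug): suppressed
    (50.00, 400, 1, "recv"),
    (50.10, 400, 2, "open_file"),    # other thread of the same process: suppressed under per-thread keying
    (60.00, 500, 1, "read"),
    (61.50, 500, 1, "open_file"),    # local input then a suspicious action inside the window: alert
]

if __name__ == "__main__":
    found, dropped = analyze(SAMPLE_EVENTS)
    for a in found:
        print(f"ALERT pid={a.pid} tid={a.tid} {a.evidence} at {a.ts:.2f} "
              f"(input at {a.initiator_ts:.2f})")
    for e in dropped:
        print(f"suppressed: {e}")
```

Widening the window trades false negatives for false positives: with `window=15.0` the pid 200 socket open at 31.00 s is also reported. Keying on (pid, tid) is the stricter of the two associations the abstract allows; keying on pid alone would turn the pid 400 event into an alert as well.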

References (4)
Wenke Lee, Salvatore J. Stolfo. A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security, vol. 3, pp. 227-261 (2000). doi:10.1145/382912.382914
Aishwarya Iyer, L. M. Liebrock. Vulnerability scanning for buffer overflow. International Conference on Information Technology: Coding and Computing, vol. 2, pp. 116-117 (2004). doi:10.1109/ITCC.2004.1286600
Ge Zhu, A. Tyagi. Protection against indirect overflow attacks on pointers. Second IEEE International Information Assurance Workshop, 2004, Proceedings, vol. 1, pp. 97-106 (2004). doi:10.1109/IWIA.2004.1288041
J. P. McGregor, D. K. Karig, Z. Shi, R. B. Lee. A processor architecture defense against buffer overflow attacks. International Conference on Information Technology: Research and Education, pp. 243-250 (2003). doi:10.1109/ITRE.2003.1270612