| 基于异常诊断的代码注入攻击自动分析和响应系统 |
| |
| 引用本文: | 李 闻,戴英侠,连一峰,冯萍慧,鲍旭华.基于异常诊断的代码注入攻击自动分析和响应系统[J].软件学报,2008,19(6):1519-1532. |
| |
| 作者姓名: | 李 闻 戴英侠 连一峰 冯萍慧 鲍旭华 |
| |
| 作者单位: | 中国科学院,研究生院,信息安全国家重点实验室,北京,100049 |
| |
| 基金项目: | Supported by the National Natural Science Foundation of China under Grant Nos.60403006, 60503046 (国家自然科学基金); the National High-Tech Research and Development Plan of China under Grant No.2006AA01Z437 (国家高技术研究发展计划(863)) |
| |
| 摘 要: | 提出了一种基于进程异常场景分析的代码注入攻击自动分析和响应系统.该系统根据进程异常场景自动分析攻击载荷句法,并生成面向漏洞的攻击特征,由该攻击特征,可以识别和阻断基于同一未知漏洞同种利用方式的各种代码注入攻击的变形.通过在生成攻击特征以及响应攻击的过程中结合网络协议和进程的状态,可以在不升高检测漏警概率的前提下显著地降低响应虚警概率和系统对外服务的响应时间.另外,还简要介绍了基于Linux和Windows 2000的原型系统,并给出了功能和性能的实验结果.
|
| 关 键 词: | 异常场景诊断 攻击特征自动提取 自动攻击响应 自动机 |
| 收稿时间: | 2006/8/15 0:00:00 |
| 修稿时间: | 2006年8月15日 |
Code-Injection Attack Automatic Analyses and Response System Based on Abnormal Scene Diagnose |
| |
| LI Wen,DAI Ying-Xi,LIAN Yi-Feng,FENG Ping-Hui and BAO Xu-Hua.Code-Injection Attack Automatic Analyses and Response System Based on Abnormal Scene Diagnose[J].Journal of Software,2008,19(6):1519-1532. |
| |
| Authors: | LI Wen DAI Ying-Xi LIAN Yi-Feng FENG Ping-Hui and BAO Xu-Hua |
| |
| Abstract: | The paper presents a code-injection attack automatic analyses and response system.By means of analyzing abnormal scene and syntax of data payload,it generates vulnerability-oriented signatures which are used to filter off variant form of code injection attack based on same attack scheme of same vulnerability.By combining with protocol state and process state during signatures generating and attack responding process,very low false positive rate and lagging without elevating false negative rate can be gained.Some technical details of the protocol type system on Linux and Windows 2000 and experimental results are also presented. |
| |
| Keywords: | abnormal scene diagnose automatic attack signatures generation automatic attack response automaton |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
