发明授权
- 专利标题: Signature-free buffer overflow attack blocker
- 专利标题(中): 无签名缓冲区溢出攻击拦截器
-
申请号: US11668699申请日: 2007-01-30
-
公开(公告)号: US08443442B2公开(公告)日: 2013-05-14
- 发明人: Xinran Wang , Chi-Chun Pan , Peng Liu , Sencun Zhu
- 申请人: Xinran Wang , Chi-Chun Pan , Peng Liu , Sencun Zhu
- 申请人地址: US PA University Park
- 专利权人: The Penn State Research Foundation
- 当前专利权人: The Penn State Research Foundation
- 当前专利权人地址: US PA University Park
- 代理机构: Gifford, Krass, Sprinkle, Anderson & Citkowski, P.C.
- 主分类号: H04L29/06
- IPC分类号: H04L29/06
摘要:
A real-time, signature-free, blocker prevents buffer overflow attacks. The system and method, called SigFree, can filter out code injection buffer overflow attack packets targeting at various Internet services such as web services. Motivated by the observation that buffer overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks by checking, without any preknowledge of the real attacks, if “executable” instruction sequences can be blindly disassembled and extracted from a packet. Being signature-free, the invention can block new and unknown buffer overflow attacks. It is immunized from almost every attack-side code obfuscation method, and transparent to the servers being protected. The approach is therefore suited to economical Internet-wide deployment with very low deployment and maintenance costs. SigFree can also handle encrypted SSL packets. An experimental study shows that SigFree can block all types of code-injection attack packets without yielding any false positives or false negatives. Moreover, SigFree causes negligible throughput degradation to normal client requests.
公开/授权文献
- US20080022405A1 SIGNATURE-FREE BUFFER OVERFLOW ATTACK BLOCKER 公开/授权日:2008-01-24