SIGNATURE-FREE BUFFER OVERFLOW ATTACK BLOCKER
    1.
    Patent application
    SIGNATURE-FREE BUFFER OVERFLOW ATTACK BLOCKER (status: in force)

    Publication number: US20080022405A1

    Publication date: 2008-01-24

    Application number: US11668699

    Filing date: 2007-01-30

    IPC classification: G08B23/00

    CPC classification: H04L63/1441

    Abstract: A real-time, signature-free, blocker prevents buffer overflow attacks. The system and method, called SigFree, can filter out code injection buffer overflow attack packets targeting at various Internet services such as web services. Motivated by the observation that buffer overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks by checking, without any preknowledge of the real attacks, if “executable” instruction sequences can be blindly disassembled and extracted from a packet. Being signature-free, the invention can block new and unknown buffer overflow attacks. It is immunized from almost every attack-side code obfuscation method, and transparent to the servers being protected. The approach is therefore suited to economical Internet-wide deployment with very low deployment and maintenance costs. SigFree can also handle encrypted SSL packets. An experimental study shows that SigFree can block all types of code-injection attack packets without yielding any false positives or false negatives. Moreover, SigFree causes negligible throughput degradation to normal client requests.


    Signature-free buffer overflow attack blocker
    2.
    Granted patent
    Signature-free buffer overflow attack blocker (status: in force)

    Publication number: US08443442B2

    Publication date: 2013-05-14

    Application number: US11668699

    Filing date: 2007-01-30

    IPC classification: H04L29/06

    CPC classification: H04L63/1441

    Abstract: A real-time, signature-free, blocker prevents buffer overflow attacks. The system and method, called SigFree, can filter out code injection buffer overflow attack packets targeting at various Internet services such as web services. Motivated by the observation that buffer overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks by checking, without any preknowledge of the real attacks, if “executable” instruction sequences can be blindly disassembled and extracted from a packet. Being signature-free, the invention can block new and unknown buffer overflow attacks. It is immunized from almost every attack-side code obfuscation method, and transparent to the servers being protected. The approach is therefore suited to economical Internet-wide deployment with very low deployment and maintenance costs. SigFree can also handle encrypted SSL packets. An experimental study shows that SigFree can block all types of code-injection attack packets without yielding any false positives or false negatives. Moreover, SigFree causes negligible throughput degradation to normal client requests.
