Institutional Repository of the Institute of Software, Chinese Academy of Sciences
Title: 基于异常控制流识别的漏洞利用攻击检测方法
Alternative Title: Exploit detection based on illegal control flow transfers identification
Author: 王明华 ; 应凌云 ; 冯登国
Corresponding Author: Wang, Ming-Hua
Keyword: software vulnerability ; exploit ; attack detection ; address space layout randomization ; data execution protection
Source: 通信学报 (Journal on Communications)
Issued Date: 2014
Volume: 35, Issue: 9, Pages: 20-31
Indexed Type: EI
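Department: Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190; University of Chinese Academy of Sciences, Beijing 100049; Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190
Abstract: To counter exploit attacks such as APTs, a method for detecting exploit attacks based on identifying anomalous control flow is proposed. Through static analysis and dynamic execution monitoring of the target program, the method builds a complete safe-execution profile and restricts the legitimate targets of control flow transfers. When control flow is transferred by a function call, a function return or a jump, it checks the legitimacy of the target address, judges an anomalous control flow transfer to be an exploit attack, and captures the complete attack steps. Experimental results show that the method accurately detects exploit attacks and runs efficiently, and that it can serve as a real-time detection scheme for exploit attacks.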
English Abstract: In order to deal with exploit attacks such as APT, an approach was proposed to detect exploits based on illegal control flow transfers identification. Both static and dynamic analysis methods were performed to construct the CFSO (control flow safety outline), which was used to restrict the targets of control flow transfers that occurred during the target program's running. When a call/ret/jmp was about to execute, the target was checked according to the CFSO. The illegal control flow transfer was considered as an exploit attack and all the following attacking steps could be captured. The experiment also showed that the proposed method had decent overhead and could be applied to detect exploits online.
Language: Chinese
Content Type: Journal article
URI: http://ir.iscas.ac.cn/handle/311060/16775
Appears in Collections: ISCAS Library_Journal Articles

Files in This Item:

There are no files associated with this item.


Recommended Citation:
王明华,应凌云,冯登国. 基于异常控制流识别的漏洞利用攻击检测方法[J]. 通信学报,2014-01-01,35(9):20-31.
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.