• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 1
  • Tagged with
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Association rules for exploit code analysis to prevent Buffer Overflow

Li, Chang-Yu 01 August 2007 (has links)
As the development of software applications and Internet, the security issues that come with get more serious. Buffer Overflow is an unavoidable problem while software programming. According to the advisories of each year, they show that many security vulnerabilities are from Buffer Overflow. Buffer Overflow is also the cause of intrusion made by hackers. The users of software applications usually depend on the software updates released by software venders to prevent the attacks caused by Buffer Overflow. So before applying software updates, that how to avoid attacks to software and prolong the save period of software is an important issue to prevent Buffer Overflow. By collecting and analyzing the exploit codes used by hackers, we can build the overall pattern of Buffer Overflow attacks, and we can take this pattern as the basis for preventing future Buffer Overflow attacks. Association rules can find the relations of unknown things, so it can help to build the common pattern between Buffer Overflow attacks. So this work applies association rules to build the pattern of Buffer Overflow attacks, and to find out the relations of system calls inside the exploit codes. We experiment and build a group of system call rules that can differentiate the attack behavior and the normal behavior. These rules can detect the Buffer Overflow attacks exactly and perform well in false positives. And then they can help to do further defenses after detecting attacks and alleviate the seriousness of Buffer Overflow attacks to computer systems.

Page generated in 0.0595 seconds