Actively Modifying Control Flow of Program for Efficient Anormaly Detection
In order to prevent the malicious use of the computers exploiting buffer overflow vulnerabilities, a corrective action by not only calling a programmer’s attention but expansion of compiler or operating system is likely to be important. On the other hand, the introduction and employment of intrusion detection systems must be easy for people with the restricted knowledge of computers. In this paper, we propose an anomaly detection method by modifying actively some control flows of programs. Our method can efficiently detect anomaly program behavior and give no false positives.
KeywordsFunction Pointer Anomaly Detection Function Call Intrusion Detection System Return Address
Unable to display preview. Download preview PDF.
- 1.Openwall Project, Linux kernel patch from the Openwall project, (accessed 2004-01-20) http://www.openwall.com/linux/
- 2.Linus Torvalds,(accessed 2004-02-13) http://old.lwn.net/1998/0806/a/linus-noexec.html
- 3.Wagle, P., Cowan, C.: StackGuard: SimpleStack Smash Protection for GCC. In: Proceedings of the GCC Developers Summit, May 2003, pp. 243–255 (2003)Google Scholar
- 4.Prasad, M., Chiueh, T.: A Binary Rewriting Defense Against Stack-based Buffer Overflow Attacks. In: Proceedings of Usenix Annual Technical Conference (June 2003)Google Scholar
- 5.Chiueh, T., Hsu, F.: RAD: A compile time solution for buffer overflow attacks. In: Proceedings of 21st IEEE International Conference on Distributed Computing Systems (ICDCS) (April 2001)Google Scholar