Actively Modifying Control Flow of Program for Efficient Anormaly Detection

  • Kohei Tatara
  • Toshihiro Tabata
  • Kouichi Sakurai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4252)


In order to prevent the malicious use of the computers exploiting buffer overflow vulnerabilities, a corrective action by not only calling a programmer’s attention but expansion of compiler or operating system is likely to be important. On the other hand, the introduction and employment of intrusion detection systems must be easy for people with the restricted knowledge of computers. In this paper, we propose an anomaly detection method by modifying actively some control flows of programs. Our method can efficiently detect anomaly program behavior and give no false positives.


Function Pointer Anomaly Detection Function Call Intrusion Detection System Return Address 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Openwall Project, Linux kernel patch from the Openwall project, (accessed 2004-01-20)
  2. 2.
    Linus Torvalds,(accessed 2004-02-13)
  3. 3.
    Wagle, P., Cowan, C.: StackGuard: SimpleStack Smash Protection for GCC. In: Proceedings of the GCC Developers Summit, May 2003, pp. 243–255 (2003)Google Scholar
  4. 4.
    Prasad, M., Chiueh, T.: A Binary Rewriting Defense Against Stack-based Buffer Overflow Attacks. In: Proceedings of Usenix Annual Technical Conference (June 2003)Google Scholar
  5. 5.
    Chiueh, T., Hsu, F.: RAD: A compile time solution for buffer overflow attacks. In: Proceedings of 21st IEEE International Conference on Distributed Computing Systems (ICDCS) (April 2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Kohei Tatara
    • 1
  • Toshihiro Tabata
    • 2
  • Kouichi Sakurai
    • 3
  1. 1.Graduate School of Information Science, and Electrical EngineeringKyushu UniversityJapan
  2. 2.Graduate School of Natural Science and TechnologyOkayama UniversityJapan
  3. 3.Faculty of Information Science and Electrical EngineeringKyushu UniversityJapan

Personalised recommendations