
Research On Detection And Prevention Techniques Of Buffer Overflow Attacking Code

Posted on: 2013-04-01
Degree: Master
Type: Thesis
Country: China
Candidate: W J Han
Full Text: PDF
GTID: 2248330395480519
Subject: Computer application technology

Abstract/Summary:
Buffer overflow is a serious and very common vulnerability: through a buffer overflow an attacker can remotely implant Trojan horses, execute unauthorized commands, access confidential information and perform other operations, which has triggered a large number of security incidents. Defending against buffer overflow vulnerabilities has therefore become essential, and the study of buffer overflow prevention methods and techniques is important for host security. Aimed at the current lack of defense methods for buffer overflow vulnerabilities, this paper proposes a collaborative defense method that combines buffer-based detection with memory layout randomization.

First, the causes and mechanism of buffer overflow are studied, prevention methods are established, and a buffer defense model is built. In a buffer overflow attack, the source of serious harm is that many computers are infected by the same attack code, and the successful execution of that code is the key to the attack. The key to defending against buffer overflow is therefore preventing the attack code from running successfully.

Second, attack code can be detected by the return address method and the code signature (feature value) method. The return address method can only protect against stack buffer overflow. Building on traditional signature-based detection of buffer overflow, this paper proposes a variable-length data fragmentation technique based on Rabin fingerprints, together with a Bloom filter based algorithm for extracting data signatures. Attack code detection is undecidable, so detection alone cannot completely eliminate buffer overflow attacks.

Third, diversifying the computer operating environment is an effective way to defend against buffer overflow attacks. After diversification, the same software shows different operating environment characteristics each time it runs or when it runs on a different computer system, so an attack that succeeds on one computer cannot succeed on other computers. This effectively protects the computer from buffer overflow attacks. This paper studies the key technologies of memory layout diversification from the perspective of the Windows kernel, such as process creation and memory management in the kernel.

Fourth, using the HOOK technology of the Windows operating system, system calls are hooked and program data intercepted to achieve attack code detection in user mode; system calls are also hooked in kernel mode and the memory allocation algorithm is changed, achieving a diversified system by modifying the balanced binary tree memory management in kernel mode.

Finally, the performance and function of the buffer overflow defense system are tested with a vulnerability testing tool. Experimental results show that buffer overflow attacks that the front end fails to detect can be automatically prevented in the back end. The attack code detection and randomized memory layout defense system proposed in this paper can effectively defend against known and 0-day buffer overflow attacks.
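The detection front end described in the abstract (variable-length fragmentation with Rabin fingerprints, Bloom filter based signature extraction) can be illustrated with a small working model. The following is an added example and is not the thesis's own code: it uses a Rabin-style polynomial rolling hash to cut a byte stream at content-defined boundaries, stores the chunks of known samples in a Bloom filter whose hash positions are derived from SHA-256, and flags a scanned buffer when several of its chunks hit the filter. The window size, cut mask, chunk limits, filter size, threshold and all sample inputs are illustrative choices, not parameters from the thesis.

```python
"""Added, constructed example: signature detection of attack code by
content-defined chunking (Rabin-style rolling fingerprint) plus a Bloom
filter of chunk signatures. Parameters are illustrative, not the thesis's."""
import hashlib
import random

WINDOW = 8             # bytes covered by the rolling fingerprint
PRIME = 257            # polynomial base of the fingerprint
MOD = (1 << 31) - 1    # modulus keeps the fingerprint bounded
BOUNDARY_MASK = 0x1F   # cut where the low 5 bits are zero: ~1 in 32 positions
MIN_CHUNK = 16         # suppress cuts that would give very short chunks
MAX_CHUNK = 128        # force a cut if no boundary is found for this long


def rabin_chunks(data: bytes) -> list:
    """Split data into variable-length chunks at content-defined boundaries.
    A boundary depends only on the last WINDOW bytes, so the same content at
    a different offset resynchronises after a few cuts and most chunks match."""
    chunks = []
    if not data:
        return chunks
    out_weight = pow(PRIME, WINDOW - 1, MOD)  # weight of the byte leaving the window
    fp, start = 0, 0
    for i, byte in enumerate(data):
        if i >= WINDOW:
            fp = (fp - data[i - WINDOW] * out_weight) % MOD
        fp = (fp * PRIME + byte) % MOD
        length = i - start + 1
        at_boundary = i >= WINDOW - 1 and (fp & BOUNDARY_MASK) == 0
        if (at_boundary and length >= MIN_CHUNK) or length >= MAX_CHUNK:
            chunks.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        chunks.append(data[start:])
    return chunks


class BloomFilter:
    """Bit array with k positions per item: no false negatives, small false-positive rate."""

    def __init__(self, size_bits: int = 1 << 16, hashes: int = 4):
        self.size, self.k = size_bits, hashes
        self.bits = bytearray(size_bits // 8)

    def _positions(self, item: bytes):
        # Double hashing: k positions derived from one SHA-256 digest.
        digest = hashlib.sha256(item).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + j * h2) % self.size for j in range(self.k)]

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


def build_signature_filter(known_samples) -> BloomFilter:
    """Extract the chunk signatures of every known sample into one filter."""
    bf = BloomFilter()
    for sample in known_samples:
        for chunk in rabin_chunks(sample):
            bf.add(chunk)
    return bf


def scan(data: bytes, bf: BloomFilter):
    """Return (hits, total): how many of the buffer's chunks are in the filter."""
    chunks = rabin_chunks(data)
    return sum(1 for chunk in chunks if chunk in bf), len(chunks)


def is_suspicious(data: bytes, bf: BloomFilter, threshold: int = 2) -> bool:
    """Flag a buffer when at least `threshold` chunks match; requiring more
    than one hit absorbs isolated Bloom false positives."""
    return scan(data, bf)[0] >= threshold


def constructed_bytes(seed: int, n: int) -> bytes:
    """Deterministic pseudo-random bytes standing in for real data (constructed)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed inputs: a stand-in for a known attack-code sample, an unrelated
# buffer, and the sample embedded at a different offset inside other data.
KNOWN_SAMPLE = constructed_bytes(1, 4096)
BENIGN = constructed_bytes(2, 4096)
EMBEDDED = constructed_bytes(3, 777) + KNOWN_SAMPLE + constructed_bytes(4, 500)

if __name__ == "__main__":
    bf = build_signature_filter([KNOWN_SAMPLE])
    for name, buf in (("known", KNOWN_SAMPLE), ("benign", BENIGN), ("embedded", EMBEDDED)):
        hits, total = scan(buf, bf)
        print(f"{name:8s} {hits:3d}/{total:3d} chunks matched, suspicious={is_suspicious(buf, bf)}")
```

The point of content-defined boundaries is that the embedded copy of the sample, shifted by an arbitrary number of bytes, still shares almost all of its chunks with the stored signatures, which fixed-offset fragmentation would not achieve. The Bloom filter gives the abstract's trade-off in concrete form: membership is probabilistic, so the detector requires more than one matching chunk, and, as the abstract notes, detection alone remains incomplete, which is why the thesis pairs it with memory layout randomization.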
Keywords/Search Tags: buffer overflow, attacking code, detection, diversity, address randomization, SHELLCODE