Title of invention: SYSTEM AND METHOD FOR DETECTING SOFTWARE ATTACKS ON LINUX
Abstract: A system and a method for detecting software attacks in a Linux OS (operating system) are provided to prevent attacks by a hacker or worms by detecting the software attack before control of a process is transferred to attack code that has been input into the address space of the process. A target address obtainer (210) obtains the target address of a command or a function related to the process execution flow. An address validity checker (230) checks whether the obtained target address is included in an address list (220) of the execution code memory area to which control of a process is moved. The address validity checker includes an address range divider (231) that divides the address list of the execution code memory area into more than one address range, an address range selector (232), and a determiner (233) that determines whether the obtained target address is included in the selected address range. The target address obtainer obtains the target address from a command target address searcher (213), which searches for the target address of an indirect CALL, indirect JUMP, or RET command (211). The target address obtainer also obtains the target address from a function target address searcher (214), which searches for the target address of a longjmp() function (212).
Publication number: KR20080047231(A)
Publication date: 2008.05.28
Application number: KR20070019736
Filing date: 2007.02.27
Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventors: CHOI, MYEONG RYEOL; YOON, E JOONG; PARK, JONG WOOK
Classification: G06F15/00; G06F17/00; G06F21/00
Main classification: G06F15/00
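The address validity check described in the abstract, sketched as an added example that is not taken from the patent: an address list is built from the executable mappings of a process, and a control-transfer target is tested against it. The maps-format sample, the function names, and the use of binary search as the range division and selection strategy are assumptions; obtaining the target of an indirect CALL/JUMP, RET or longjmp() is out of scope, so targets are passed in directly.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not from the patent). */
static const char SAMPLE_MAPS[] =
    "00400000-0040c000 r-xp 00000000 08:01 131 /bin/demo\n"
    "0060b000-0060d000 rw-p 0000b000 08:01 131 /bin/demo\n"
    "01a3e000-01a5f000 rw-p 00000000 00:00 0 [heap]\n"
    "7f3a10000000-7f3a101c0000 r-xp 00000000 08:01 977 /lib/libc.so.6\n"
    "7ffc2b1e0000-7ffc2b201000 rw-p 00000000 00:00 0 [stack]\n";

typedef unsigned long long addr_t;
typedef struct { addr_t start, end; } range_t;   /* half-open: [start, end) */

/* Build the address list: keep only mappings with the execute bit set. */
static size_t load_exec_ranges(const char *maps, range_t *out, size_t max) {
    size_t n = 0;
    for (const char *line = maps; line && *line && n < max; ) {
        addr_t s, e; char perms[5];
        if (sscanf(line, "%llx-%llx %4s", &s, &e, perms) == 3 && perms[2] == 'x')
            out[n++] = (range_t){ s, e };
        line = strchr(line, '\n');
        if (line) line++;
    }
    return n;
}

/* Return 1 if target lies in an executable range, else 0. Assumes ascending,
   non-overlapping ranges (as in maps); each step halves the list, selects one. */
static int target_is_valid(const range_t *r, size_t n, addr_t target) {
    size_t lo = 0, hi = n;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (target < r[mid].start) hi = mid;
        else if (target >= r[mid].end) lo = mid + 1;
        else return 1;
    }
    return 0;
}

int main(void) {
    range_t ranges[16];
    size_t n = load_exec_ranges(SAMPLE_MAPS, ranges, 16);
    addr_t targets[] = { 0x400a10ULL, 0x1a3e100ULL, 0x7ffc2b1f0000ULL };
    for (size_t i = 0; i < 3; i++)
        printf("%#llx -> %s\n", targets[i],
               target_is_valid(ranges, n, targets[i]) ? "ok" : "ALERT");
    return 0;
}
```

In the sample, the heap and stack targets fall outside every executable range and are flagged, while the target inside the program's code mapping passes.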