SIGNATURE-FREE BUFFER OVERFLOW ATTACK BLOCKER

摘要

A real-time, signature-free, blocker prevents buffer overflow attacks. The system and method, called SigFree, can filter out code injection buffer overflow attack packets targeting at various Internet services such as web services. Motivated by the observation that buffer overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks . by checking, without any preknowledge of the real attacks, if "executable" instruction sequences can be blindly disassembled and extracted from a packet. Being signature-free, the invention can block new and unknown buffer overflow attacks. It is immunized from almost every attack-side code obfuscation method, and transparent to the servers being protected. The approach is therefore suited to economical Internet-wide deployment with very low deployment and maintenance costs. SigFree can also handle encrypted SSL packets. An experimental study shows that SigFree can block all types of code-injection attack packets without yielding any false positives or false negatives. Moreover, SigFree causes negligible throughput degradation to normal client requests.