Master's/doctoral thesis etd-0801107-203241: record details
Title page for etd-0801107-203241
Association rules for exploit code analysis to prevent Buffer Overflow
Keywords: system call, association rules, Buffer Overflow, exploit code
The thesis/dissertation has been browsed 5857 times and downloaded 0 times.
As software applications and the Internet develop, the security issues that come with them grow more serious. Buffer Overflow is an unavoidable problem in software programming. Each year's security advisories show that many vulnerabilities stem from Buffer Overflow, and Buffer Overflow is also the cause of intrusions carried out by hackers. Users of software applications usually depend on the updates released by software vendors to prevent attacks caused by Buffer Overflow. Therefore, how to protect software from attacks and prolong its safe period before an update is applied is an important issue in preventing Buffer Overflow. By collecting and analyzing the exploit codes used by hackers, we can build the overall pattern of Buffer Overflow attacks and take this pattern as the basis for preventing future Buffer Overflow attacks.
Association rules can discover relations among previously unknown items, so they can help build the common pattern shared by Buffer Overflow attacks. This work therefore applies association rules to build the pattern of Buffer Overflow attacks and to find the relations among the system calls inside exploit codes. Through experiments we build a set of system call rules that can differentiate attack behavior from normal behavior. These rules detect Buffer Overflow attacks accurately and perform well with respect to false positives. After an attack is detected, they can support further defenses and alleviate the severity of Buffer Overflow attacks on computer systems.
Table of Contents
Chapter 1 Introduction
Section 1 Research Background
Section 2 Buffer Overflow
Section 3 Research Motivation
Chapter 2 Literature Review
Section 1 Classification of Buffer Overflow Attacks
Section 2 Related Research on Preventing Buffer Overflow
Section 3 Comparison and Shortcomings of the Reviewed Literature
Chapter 3 Research Method and Procedure - Analysis Method for Exploit Code
Section 1 Exploit code, shell code and system call
Section 2 Problem Definition and Description
Section 3 Association Rules
Section 4 System Architecture
Section 5 Experiment Design and Simulation
Chapter 4 Experimental Results and Evaluation
Section 1 Filtering Preliminary Rules
Section 2 Experimental Results of Matching Attack Behavior
Section 3 Experimental Results of Matching Normal Behavior
Section 4 Removing Invalid Rules
Section 5 Evaluation
Chapter 5 Conclusion
Section 1 Contributions of This Research
Section 2 Future Work
References
English References
Chinese References
Fulltext
Thesis access permission: not available on campus or off campus
Available:
Campus: never released (not available)
Off-campus: never released (not available)
Printed copies
Available: already released (available)