A Framework for Safeguarding System against Code Injection Attacks

机译：防止代码注入攻击系统的框架

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

A framework based on Native API is proposed to prevent code injection attacks. This framework is implemented in a two-tier framework by adopting the idea of diversity. The first tier rearranges the Native API dispatch ID number so that only the Native API calls from legitimate sources are executed. The second tier provides an authentication process in case an attacker guesses the first-tier permutation order. The function call stack is back-traced to verify whether the original caller's return address resides within the legitimate process. When an attack is suspected, the process is terminated and an alert is generated. The experiments show that the approach has no significant overhead.

机译：提出了一种基于本机API的框架，以防止代码注入攻击。该框架是通过采用多样性的思想在双层框架中实现。第一层重新排列本机API调度ID号，以便仅执行来自合法源的本机API呼叫。在攻击者猜测第一层排列顺序的情况下，第二层提供了认证过程。函数调用堆栈被返回追踪以验证原始呼叫者的返回地址是否在合法过程中驻留。当怀疑攻击时，将终止此过程并生成警报。实验表明，该方法没有明显的开销。

著录项

来源
《International conference on information technology and industrial engineering》|2010年||共4页
会议地点
作者
Feng Yao;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类信息与知识传播;
关键词
Native API; Code Injection Attacks; Filter driver;

机译：天然API;代码注入攻击;过滤器驱动程序;

相似文献

外文文献
中文文献
专利

1. Stacked Autoencoder Framework of False Data Injection Attack Detection in Smart Grid [J] . Liang Chen, Songlin Gu, Ying Wang, Mathematical Problems in Engineering: Theory, Methods and Applications . 2021,第a期

机译：智能电网中虚假数据喷射攻击检测的堆叠的AutoEncoder框架
2. A Descriptor System design framework for false data injection attack toward power systems [J] . Qiu Aibing, Ding Zhou, Wang Shengfeng Electric power systems research . 2021,第Mara期

机译：用于电力系统的假数据注入攻击的描述符系统设计框架
3. Coding Schemes for Securing Cyber-Physical Systems Against Stealthy Data Injection Attacks [J] . Fei Miao, Quanyan Zhu, Miroslav Pajic, Control of Network Systems, IEEE Transactions on . 2017,第1期

机译：用于保护网络物理系统免受秘密数据注入攻击的编码方案
4. A Framework for Safeguarding System against Code Injection Attacks [C] . Feng Yao ITIE 2010;International conference on information technology and industrial engineering . 2010

机译：防范代码注入攻击的系统保护框架
5. Unobservable False Data Injection Attacks on Power Systems [D] . Chu, Zhigang. 2020

机译：对电力系统的不可观察的虚假数据注入攻击
6. Safeguarding Ecosystem Services: A Methodological Framework to Buffer the Joint Effect of Habitat Configuration and Climate Change [O] . Tereza C. Giannini, Leandro R. Tambosi, André L. Acosta, -1

机译：维护生态系统服务：缓冲人居格局与气候变化共同影响的方法框架
7. A Framework for Diversifying Windows Native APIs to Tolerate Code Injection Attacks [O] . Lynette Qu, Nguyen Tufan, Demir Jeff, 2008

机译：一种多样化Windows Native apI以容忍代码注入攻击的框架
8. Attack methodology Analysis: SQL Injection Attacks and Their Applicability to Control Systems [R] . 2005

机译：攻击方法分析：sQL注入攻击及其对控制系统的适用性

A Framework for Safeguarding System against Code Injection Attacks

摘要

著录项

相似文献

相关主题

期刊订阅