Title :
AIFD: A Runtime Solution to Buffer Overflow Attack
Author :
Han, Hong ; Lu, Xian-Liang ; Ren, Li-Yong ; Chen, Bo ; Yang, Ning
Author_Institution :
Univ. of Electron. Sci. & Technol. of China, Chengdu
Abstract :
While the buffer overflow problem has been known for a long time, it continues to present a serious security threat. Many solutions to this notorious problem have been proposed, but each has its own drawbacks. This paper presents a solution called API invocation fingerprint detection (AIFD) to eliminate overflow vulnerability with a very low performance penalty. The solution is API-hook-based and does not require compiler extensions or operating system kernel patches. Unlike other API-hook-based solutions, which in certain cases fail to discover that system calls are actually invoked by malicious code, AIFD works well in those cases. With it, protected programs will not yield control to the exploitation code, but rather enter a fail-safe state. In this paper, we present the principle of buffer overflow attacks, implementation details of AIFD, and experimental results on both the penetration resistance and the performance impact of this solution.
Keywords :
application program interfaces; buffer storage; fingerprint identification; operating system kernels; program compilers; security of data; API invocation fingerprint detection; API-hook-based solutions; buffer overflow attack; operating system kernel; program compiler; Buffer overflow; Cybernetics; Educational institutions; Fingerprint recognition; Intrusion detection; Kernel; Machine learning; Operating systems; Protection; Runtime; AIFD; API hook; Buffer overflow attack;
Conference_Title :
Machine Learning and Cybernetics, 2007 International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4244-0973-0
Electronic_ISBN :
978-1-4244-0973-0
DOI :
10.1109/ICMLC.2007.4370697