SigFree: A Signature-Free Buffer Overflow Attack Blocker

 

Abstract

 

 

 

SigFree is an online, signature-free, out-of-the-box application-layer method for blocking code-injection buffer overflow attack messages that target various Internet services such as web service. It is motivated by the observation that buffer overflow attacks typically contain executables, whereas legitimate client requests never contain executables in most Internet services, so SigFree blocks attacks by detecting the presence of code. Unlike previous code detection algorithms, SigFree uses a new data-flow analysis technique called code abstraction that is generic, fast, and hard for exploit code to evade.

Existing System:

 

Current intrusion detection systems (IDS) address this problem in different ways. Misuse-based network IDS attempt to detect the signatures of known exploits in the payload of network packets. A skilled intruder can easily evade this, because the attack code can be changed, reordered or even partially encrypted. Anomaly-based network sensors neglect the packet payload and only analyze bursts of traffic, thus missing buffer overflows altogether. Host-based anomaly detectors that monitor process behavior can notice an exploit, but only a posteriori, when it has already been successful. In addition, both anomaly variants suffer from high false positive rates.

 

 

Proposed System:

 

SigFree is signature-free, so it can block new and unknown buffer overflow attacks; it is also immune to most attack-side code obfuscation methods. Since SigFree is deployed transparently to the servers being protected, it is suited to economical Internet-wide deployment with very low deployment and maintenance cost. We implemented and tested SigFree; our experimental study shows that the dependency-degree-based SigFree could block all types of code-injection attack packets in our experiments with very few false positives. Moreover, SigFree causes very small extra latency to normal client requests when some requests contain exploit code.

 

Hardware Requirements:

 

  • System: Pentium IV 2.4 GHz.
  • Hard Disk: 40 GB.
  • Floppy Drive: 1.44 Mb.
  • Monitor: 15 VGA Colour.
  • Mouse: Logitech.
  • RAM: 256 Mb.

 

Software Requirements:

 

  • Operating system: Windows XP Professional.
  • Coding Language: Java
  • Tool used: Eclipse



Posted by



Wed, 23/02/2011 - 14:03
