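A Memory Overflow Attack Detection Method for Cisco IOS

The exposure of the "PRISM" incident has drawn increasing attention to the security of Cisco routers. With the aim of improving the security of network environments, this paper proposes a memory overflow attack detection method for Cisco IOS based on dynamic taint analysis. First, by analyzing the instruction format of Cisco IOS, taint propagation rules are defined according to the characteristics of each instruction, implementing dynamic taint analysis of Cisco IOS. Second, security check points are determined by locating the security library functions in Cisco IOS, and attacks are identified by checking the taint attributes of the parameters of those security library functions. Experimental results show that the method can effectively detect memory overflow attacks against Cisco IOS and can trace the source of an attack, which helps improve network security.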

Bibliographic Details
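Published in: 计算机应用研究 (Application Research of Computers), Vol. 33, no. 6, pp. 1785-1790
Main Author: Peng Fei, Wu Dongying, Liu Shengli, Xiao Da, Wang Dongxia
Format: Journal Article
Language: Chinese
Published: State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450000; Key Laboratory of Information Assurance Technology, Beijing 100101; National Key Laboratory of Science and Technology on Information System Security, Beijing 100101; 2016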
ISSN: 1001-3695
DOI: 10.3969/j.issn.1001-3695.2016.06.041

Bibliography: 51-1196/TP
Peng Fei, Wu Dongying, Liu Shengli, Xiao Da, Wang Dongxia (1. State Key Laboratory of Mathematical Engineering & Advanced Computing, Zhengzhou 450000, China; 2. Key Laboratory of Information Assurance Technology, Beijing 100101, China; 3. National Key Laboratory of Science & Technology on Information System Security, Beijing 100101, China)
The exposure of "PRISM" has made the security issues of Cisco routers receive more and more attention. From the point of view of enhancing cyber security, this paper proposes a memory overflow attack detection method based on dynamic taint analysis for Cisco IOS. Firstly, by analyzing the instruction format of Cisco IOS, it defines different taint propagation rules for the appropriate instructions and realizes dynamic taint analysis of Cisco IOS. Secondly, by locating the security library functions in Cisco IOS to determine the safety detection points, it determines attacks by checking the taint properties of the parameters of the security library functions. Experiment results dem