Data flow analysis based hostile attack detecting method

A data flow analysis and malicious attack detection technology, applied in data exchange networks, digital transmission systems, electrical components, etc., that can solve the problem of a high probability of false alarms.

Inactive Publication Date: 2008-04-09
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

The advantage of anomaly detection is that it does not require much knowledge about system defects, has strong adaptability, and can detect unknown intrusions or new intrusion patterns, but this method has the disadvantage of a high false positive probability.


Embodiment Construction

[0021] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0022] Referring to Fig. 1, the virtual execution unit loads the monitored program and, after taking control of the target binary program, obtains its code flow. The disassembly module obtains the assembly instructions of the target code flow, and the basic blocks are identified by analyzing these instructions. A basic block is an instruction sequence that does not contain a control flow transfer instruction; each instruction of each basic block is then instrumented separately.

[0023] When the target program receives external input data, the data marking component records the input data as infected data. During subsequent command execution, all operations on the infected data will be monitored, and the data tracking c...


Abstract

The invention relates to an attack detection method for computer security vulnerabilities. The detection system is composed of a dummy executing component, a data marking component, a data tracking component, a misuse detection component and a vulnerability analyzing component. The method comprises: starting the program to be monitored with the dummy executing component; generating a tainted data structure with the data marking component when external input data is present; marking the propagated tainted data with the data tracking component; determining with the misuse detection component whether the use of the tainted data breaks the security rules and configuration; and collecting and analyzing information associated with the security vulnerability with the vulnerability analyzing component. The invention is suitable for detecting hostile attacks and analyzing security vulnerabilities while a program is running, thereby preventing the hostile attack behavior and providing detailed information about the security vulnerability. The invention can detect most overflow security vulnerabilities without the need for source code and with a zero misreport rate, and can provide sufficient information for automatically generating patches for the security vulnerability.
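The pipeline in the abstract (marking, tracking, misuse detection, vulnerability analysis) can be followed on a toy register machine. This is an added example, not code from the patent; the instruction set, the buffer and return-slot layout, and the rule "a jump target must not be tainted" are assumptions made for illustration.

```python
# Toy model of the pipeline: data marking -> data tracking -> misuse detection -> analysis.
# The instruction set, the memory layout and the policy are assumptions of this example.
def run(program, external_input):
    regs, mem, taint, trace = {}, {}, {}, []    # taint: location -> set of input offsets
    stream = iter(enumerate(external_input))
    labels_of = lambda loc: taint.get(loc, set())

    def put(pc, dst, value, labels):            # int dst = memory address, str dst = register
        (mem if isinstance(dst, int) else regs)[dst] = value
        if labels:
            taint[dst] = set(labels)
            trace.append((pc, dst, sorted(labels)))
        else:
            taint.pop(dst, None)                # overwriting with clean data clears the mark

    for pc, (op, *a) in enumerate(program):
        if op == "input":                       # data marking: external byte enters
            off, byte = next(stream)
            put(pc, a[0], byte, {off})
        elif op == "const":
            put(pc, a[0], a[1], set())
        elif op == "mov":
            put(pc, a[0], regs[a[1]], labels_of(a[1]))
        elif op == "add":                       # data tracking: union of operand marks
            put(pc, a[0], regs[a[1]] + regs[a[2]], labels_of(a[1]) | labels_of(a[2]))
        elif op == "store":                     # mem[regs[a0]] = regs[a1]
            put(pc, regs[a[0]], regs[a[1]], labels_of(a[1]))
        elif op == "load":                      # regs[a0] = mem[regs[a1]]
            put(pc, a[0], mem.get(regs[a[1]], 0), labels_of(regs[a[1]]))
        elif op == "jmp_reg" and labels_of(a[0]):   # misuse detection: tainted jump target
            return {"alert": True, "pc": pc, "target": regs[a[0]],
                    "input_offsets": sorted(labels_of(a[0])), "trace": trace}
    return {"alert": False, "trace": trace}

def copy_program(n):
    """Constructed sample: copy n input bytes into a 2-byte buffer at 96; return slot at 98."""
    prog = [("const", "ret", 4096), ("const", "p", 98), ("store", "p", "ret"),
            ("const", "p", 96), ("const", "one", 1)]
    for _ in range(n):
        prog += [("input", "r"), ("store", "p", "r"), ("add", "p", "p", "one")]
    return prog + [("const", "p", 98), ("load", "t", "p"), ("jmp_reg", "t")]
```

Running `run(copy_program(3), b"ABC")` raises the alert at the final jump and reports that input offset 2 reached the return slot, which is the kind of record the vulnerability analyzing component is described as collecting; with two input bytes the same program finishes without an alert.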

Description

Technical field

[0001] The invention relates to a malicious attack detection method based on data flow analysis, and belongs to the related fields of system security and network security. The invention is used for the detection of, and protection against, dynamic security vulnerabilities in a running program.

Background technique

[0002] The current intrusion detection methods can be mainly divided into three categories, namely misuse detection and anomaly detection. Misuse detection detects intrusions by analyzing and expressing intrusion behaviors. This method generally expresses intrusion behaviors as a pattern or feature, and establishes an intrusion pattern feature library based on known intrusion behaviors and system defects. The actual behavior pattern of the monitored system or user is matched against the intrusion patterns, and whether there is an intrusion is judged according to the matching result. Misuse detection has a strong ability to detect known intrusions, but its disadv...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
Inventor: 曹跃李毅超刘丹钱彦江崔甲
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA