Detection and Elimination of "Buffer-Overflow" Based on GECISM
| Course | Applied Computer Technology |
| Keywords | Buffer overflow; System calls; Binary Tree; Identification; Eliminate |
Buffer overflow vulnerabilities are very common and can exist in Windows, Unix, Netware, SQL Server, and other systems and applications, so the buffer overflow attack has become a broad and basic attack technique and a main direction in the development of current attack technology. A buffer overflow attack commonly works by changing the execution flow of a program so that it executes the intruder's implanted code, obtaining root privileges and posing a huge threat to the system. Working with GECISM (GEneral Computer Immune System Model), a computer security system model designed to mimic the biological immune system, this paper constructs the DAE (Detecting And Eliminating) Agent. The agent performs a first, fuzzy detection followed by a second, precise detection to determine whether a buffer overflow attack has occurred, then locates the intrusion and eliminates it. The work covers the following aspects: objects in the Linux system are defined by vectors of system call and return address, and a binary tree data structure stores these vectors for the precise second detection; an exception handling mechanism is used, with the handler written in advance for the training set of objects and the function's runtime stack information saved, so that if an intrusion occurs the mechanism is started and the intruded program is restored to its initial state, minimizing the harm caused by the intrusion.
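An added illustration of the precise second detection described above, not code from the paper: a binary search tree holds (system call, return address) vectors recorded during training, and any runtime event missing from the tree is flagged. The vector layout, the function names and the sample values are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One event: syscall number plus the return address of its call site.
   This vector layout is an assumption of the example. */
typedef struct { long sysno; uint64_t ret; } event_t;
typedef struct node { event_t ev; struct node *left, *right; } node_t;

/* Total order: by syscall number, then by return address. */
static int ev_cmp(const event_t *a, const event_t *b) {
    if (a->sysno != b->sysno) return a->sysno < b->sysno ? -1 : 1;
    if (a->ret != b->ret) return a->ret < b->ret ? -1 : 1;
    return 0;
}

/* Training: record a known-good event. 0 on success or duplicate, -1 on OOM. */
int profile_add(node_t **root, event_t ev) {
    while (*root) {
        int c = ev_cmp(&ev, &(*root)->ev);
        if (c == 0) return 0;
        root = c < 0 ? &(*root)->left : &(*root)->right;
    }
    if (!(*root = calloc(1, sizeof **root))) return -1;
    (*root)->ev = ev;
    return 0;
}

/* Detection: 1 if the event was seen in training, 0 if it is anomalous. */
int profile_known(const node_t *root, event_t ev) {
    while (root) {
        int c = ev_cmp(&ev, &root->ev);
        if (c == 0) return 1;
        root = c < 0 ? root->left : root->right;
    }
    return 0;
}

/* Constructed data: x86-64 syscall numbers (0 read, 1 write, 59 execve)
   with made-up text-segment and stack addresses. */
int demo_anomalies(void) {
    event_t train[] = {{1, 0x401136}, {0, 0x401180}, {59, 0x4011c2}};
    event_t trace[] = {{1, 0x401136}, {59, 0x7ffd1000}, {0, 0x401180}};
    node_t *root = NULL;
    int bad = 0;
    for (size_t i = 0; i < 3; i++) if (profile_add(&root, train[i])) return -1;
    for (size_t i = 0; i < 3; i++) bad += !profile_known(root, trace[i]);
    return bad; /* tree is left allocated; the demo exits right after */
}

int main(void) { printf("anomalous events: %d\n", demo_anomalies()); return 0; }
```

The execve event whose return address lies outside the trained call sites is the only one counted as anomalous; the same system call from its trained call site passes.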