CT: New Techniques for Attack Detection, Prevention and Immunization

CT：攻击检测、预防和免疫的新技术

• 批准号: 0627687
• 负责人: Ramasubramanian Sekar
• 金额: $ 35万
• 依托单位: SUNY at Stony Brook
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2006
• 资助国家: 美国
• 起止时间: 2006-09-01 至 2010-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0627687&HistoricalAwards=false
• 关键词: CT; New; Techniques; Attack; Detection

Software vulnerabilities have been the biggest culprit behind cyberattacks in the past several years. A handful of vulnerabilities, such asbuffer overflows, format string, SQL injection, command injection,cross-site scripting, and directory traversals, have come to dominate,accounting for about 70% of the CVE vulnerabilities reported in the lasttwo years. Although that these vulnerabilities are well understood anddocumented, their number continues to escalate from one year to the next.New vulnerabilities continue to be discovered in recently releasedsoftware, as well as established software.This will develop novel techniques for defending applications from knownas well as unknown attacks, and for immunizing applications from futureattack instances. The proposed approach can thus protect the integrity aswell as the availability of vulnerable applications. A central componentof the proposed approach is an efficient fine-grained dynamic taintanalysis that tracks the flow of untrusted information through avulnerable program. Both specification-based and anomaly-based attackdetection techniques can be made highly versatile and accurate by usingfine-grained taint, and can stop the wide range of attacks mentionedabove. Taint analysis will also form the basis of an immunizationtechnique that is based on learning input filters that characterizeattack-bearing inputs, and selectively discarding such inputs.The proposed work can address multi-billion dollar losses experienced dueto cyber attacks, since it can stop most types of exploits before theycause damage. To maximize impact, the techniques developed in the projectwill be implemented into open-source software prototypes.

在过去几年中，软件漏洞一直是网络攻击背后的最大罪魁祸首。少数几个漏洞，例如Asbuffer溢出，格式弦，SQL注入，指挥注射，跨站点脚本和目录遍历，已经占据主导地位，约占Lasttwo年份报道的CVE漏洞的70％。尽管这些漏洞已得到充分理解和记录，但它们的数量继续从一年升级到下一年。在最近发布的软件以及既定的软件中继续发现新的漏洞，并在既定的软件中都发现了新的技术，以开发出从已知的无知攻击中捍卫应用程序的新技术，并从未知的攻击中以及从FutureAteatTack Instances中免疫应用程序。因此，所提出的方法可以保护完整性以及脆弱应用程序的可用性。所提出的方法的中心是有效的细粒动态触觉，该分析通过可移植程序跟踪不受信任信息的流动。基于规范和基于异常的攻击技术都可以通过使用粉红色的污染来高度和准确，并且可以阻止提到的广泛攻击。 TAINT分析还将构成一种免疫技术的基础，该技术基于学习输入的学习输入过滤器，并有选择地丢弃此类输入。拟议的工作可以解决经验丰富的数十亿美元的损失，因为它可以在损害损坏之前停止大多数类型的利用。为了最大程度地发挥影响，项目将在开源软件原型中实施的技术。