CT: New Techniques for Attack Detection, Prevention and Immunization

CT：攻击检测、预防和免疫的新技术

• 批准号: 0627687
• 负责人: Ramasubramanian Sekar
• 金额: $ 35万
• 依托单位: SUNY at Stony Brook
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2006
• 资助国家: 美国
• 起止时间: 2006-09-01 至 2010-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0627687&HistoricalAwards=false
• 关键词: CT; New; Techniques; Attack; Detection

Software vulnerabilities have been the biggest culprit behind cyberattacks in the past several years. A handful of vulnerabilities, such asbuffer overflows, format string, SQL injection, command injection,cross-site scripting, and directory traversals, have come to dominate,accounting for about 70% of the CVE vulnerabilities reported in the lasttwo years. Although that these vulnerabilities are well understood anddocumented, their number continues to escalate from one year to the next.New vulnerabilities continue to be discovered in recently releasedsoftware, as well as established software.This will develop novel techniques for defending applications from knownas well as unknown attacks, and for immunizing applications from futureattack instances. The proposed approach can thus protect the integrity aswell as the availability of vulnerable applications. A central componentof the proposed approach is an efficient fine-grained dynamic taintanalysis that tracks the flow of untrusted information through avulnerable program. Both specification-based and anomaly-based attackdetection techniques can be made highly versatile and accurate by usingfine-grained taint, and can stop the wide range of attacks mentionedabove. Taint analysis will also form the basis of an immunizationtechnique that is based on learning input filters that characterizeattack-bearing inputs, and selectively discarding such inputs.The proposed work can address multi-billion dollar losses experienced dueto cyber attacks, since it can stop most types of exploits before theycause damage. To maximize impact, the techniques developed in the projectwill be implemented into open-source software prototypes.

软件漏洞一直是过去几年网络攻击背后的最大罪魁祸首。缓冲区溢出、格式字符串、SQL 注入、命令注入、跨站脚本和目录遍历等少数漏洞已占据主导地位，约占过去两年报告的 CVE 漏洞的 70%。尽管这些漏洞已得到充分理解和记录，但它们的数量逐年增加。在最近发布的软件以及已建立的软件中不断发现新漏洞。这将开发用于保护应用程序免受已知和未知攻击的新技术攻击，以及使应用程序免受未来攻击实例的影响。因此，所提出的方法可以保护易受攻击的应用程序的完整性和可用性。所提出方法的核心组成部分是有效的细粒度动态污点分析，它通过易受攻击的程序跟踪不受信任的信息流。通过使用细粒度的污点，基于规范和基于异常的攻击检测技术都可以变得高度通用和准确，并且可以阻止上述广泛的攻击。污点分析还将构成免疫技术的基础，该技术基于学习输入过滤器来表征攻击输入，并有选择地丢弃此类输入。拟议的工作可以解决因网络攻击而造成的数十亿美元的损失，因为它可以阻止大多数类型的攻击在造成损害之前进行利用。为了最大限度地发挥影响，该项目中开发的技术将被实施到开源软件原型中。