The illegitimate access coping rule generation method, the illegitimate access coping rule generation device, being the illegitimate access coping rule generation method which the illegitimate access coping rule generation device which does

摘要

PROBLEM TO BE SOLVED: To provide a new technique to eliminate vulnerability to attacking DoS by stack smashing.;SOLUTION: An input bucket is stored as a log. When a stack-smashing attack is detected, the position of a return address under the attack is determined and a position indicated by the position is regarded as a position where the trace of the attack starts. Next, the byte sequence that matches the trace of the attack for the longest period of time is detected and regarded as the trace of the attack. Also, the header information of the bucket indicated by the byte sequence corresponding to the longest period of time is obtained from the input bucket log. Rules to cope with unauthorized access are created which include as elements of the rules the byte sequence regarded as the trace of the attack and the header information of the byte sequence. The rules are distributed. After receiving the rules, the destination of the rules shuts off buckets sent from the outside that match the stack-smashing attack included in the rules.;COPYRIGHT: (C)2005,JPO&NCIPI