Illegitimate access coping rule formation method and illegitimate access coping method, being the method of forming the illegitimate access coping rule which is used in order filtering to do the illegitimate

摘要

PROBLEM TO BE SOLVED: To enable a defense against a stack-smashing attack that changes an attack code for each attack, when a buffer overflow occurs.;SOLUTION: A packet filtering rule (to deal unauthorized access) generator 1 detects a buffer overflow and extracts, as a mark of a stack-smashing attack, a frame pointer and a return address which are written when the buffer overflow occurs, and in accordance with an operating system, extracts a value of a pointer to an except handler, compares the value thereof with the byte sequence of an input packet log, and generates rules to deal unauthorized access. A packet filtering apparatus 2 receives the rules to deal unauthorized access from the packet filtering rule generator 1, registers the received rules and shuts off a packet of the stack-smashing attack transmitted from the outside on the basis of the registered rules to deal unauthorized access.;COPYRIGHT: (C)2005,JPO&NCIPI