CT: New Techniques for Attack Detection, Prevention and Immunization

CT：攻击检测、预防和免疫的新技术

• 批准号: 0627687
• 负责人: Ramasubramanian Sekar
• 金额: $ 35万
• 依托单位: SUNY at Stony Brook
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2006
• 资助国家: 美国
• 起止时间: 2006-09-01 至 2010-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0627687&HistoricalAwards=false
• 关键词: CT; New; Techniques; Attack; Detection

Software vulnerabilities have been the biggest culprit behind cyberattacks in the past several years. A handful of vulnerabilities, such asbuffer overflows, format string, SQL injection, command injection,cross-site scripting, and directory traversals, have come to dominate,accounting for about 70% of the CVE vulnerabilities reported in the lasttwo years. Although that these vulnerabilities are well understood anddocumented, their number continues to escalate from one year to the next.New vulnerabilities continue to be discovered in recently releasedsoftware, as well as established software.This will develop novel techniques for defending applications from knownas well as unknown attacks, and for immunizing applications from futureattack instances. The proposed approach can thus protect the integrity aswell as the availability of vulnerable applications. A central componentof the proposed approach is an efficient fine-grained dynamic taintanalysis that tracks the flow of untrusted information through avulnerable program. Both specification-based and anomaly-based attackdetection techniques can be made highly versatile and accurate by usingfine-grained taint, and can stop the wide range of attacks mentionedabove. Taint analysis will also form the basis of an immunizationtechnique that is based on learning input filters that characterizeattack-bearing inputs, and selectively discarding such inputs.The proposed work can address multi-billion dollar losses experienced dueto cyber attacks, since it can stop most types of exploits before theycause damage. To maximize impact, the techniques developed in the projectwill be implemented into open-source software prototypes.

过去几年，软件漏洞一直是网络攻击的罪魁祸首。缓冲区溢出、格式字符串、SQL注入、命令注入、跨站点脚本和目录遍历等少数漏洞已经占据主导地位，在过去两年中报告的CVE漏洞中约占70%。尽管这些漏洞被很好地理解和记录，但它们的数量仍在逐年上升。在最近发布的软件以及已建立的软件中不断发现新的漏洞。这将开发新的技术来保护应用程序免受已知和未知的攻击，并使应用程序免受未来的攻击实例。因此，所提出的方法可以保护易受攻击应用程序的完整性和可用性。该方法的一个核心组件是一种有效的细粒度动态污染分析，用于跟踪通过易受攻击程序的不可信信息流。基于规范和基于异常的攻击检测技术都可以通过使用细粒度的污染来实现高度通用性和准确性，并且可以阻止上述广泛的攻击。污染分析也将构成免疫技术的基础，该技术基于学习输入过滤器，该过滤器表征攻击承受输入，并有选择地丢弃这些输入。这项提议的工作可以解决网络攻击造成的数十亿美元损失，因为它可以在大多数类型的攻击造成损害之前阻止它们。为了最大限度地发挥作用，项目中开发的技术将被实现到开源软件原型中。