%0 Journal Article
%T A Method for Detecting Cisco IOS Pointer Attack Using Control Flow Monitoring
%A 刘胜利
%A 邹睿
%A 彭飞
%A 武东英
%A 肖达
%J 西安交通大学学报
%D 2015
%R 10.7652/xjtuxb201512011
%X A method to detect Cisco IOS (internetwork operating system) pointer attacks using control flow monitoring is proposed to address the low detection efficiency of current methods for detecting Cisco IOS exploit attacks. A legal transfer address collection (LTAC) is constructed for each category of control flow in Cisco IOS through a combination of static analysis and dynamic tracking. When a control flow transfer occurs, a control flow whose transfer address falls outside the LTAC is judged to be an attack, and the details of the abnormal control flow transfer are captured. Experimental results show that the proposed method can accurately capture pointer attacks against Cisco IOS and supports analysis of the attack process. Compared with current Cisco IOS exploit detection methods, the proposed method has higher detection efficiency and can help to enhance network security.
%K Cisco IOS
%K pointer attack
%K control flow monitoring
%K cyber security
%K attack detection
%U http://zkxb.xjtu.edu.cn/oa/DArticle.aspx?type=view&id=201512011