Buffer Overflow Attack Blocker using SIGFREE Concept

SigFree - online signature-free out-of-the-box application-layer method for blocking code-injection buffer overflow attack messages targeting at various Internet services such as web service. Motivated by the observation that buffer overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks by detecting the presence of code. SigFree is signature free, thus it can block new and unknown buffer overflow attacks. SigFree is also immunized from most attack-side code obfuscation methods. We focus on buffer overflow attacks whose payloads contain executable code in machine language, and we assume normal requests do not contain executable machine code. We shows that the dependency-degree-based SigFree could block all types of code-injection attack packets tested in our experiments with very few false positives