Code-injection Buffer Overflow Attack Blocker

Abstract — Code injection buffer overflow attack blocker propose a real time, application layer blocker for preventing buffer overflow attacks and all types of code injection message. It can filter out code-injection and buffer overflow attack messages targeting at various Internet services such as web service. This paper is specifically works on the observation that buffer overflow attacks typically contain executables whereas lawful client requests never contain executables in most internet services, it blocks attacks by detecting the presence of code. System first simply dissembles and extracts instruction sequences from a request, then applies a technique called code abstraction, which uses data flow anomaly to remove useless instructions in an instruction sequence. Finally it compares the number of useful instructions to a threshold to determine if this instruction sequence contains code. Code injection buffer overflow attack blocker does not work on any pre-known pattern, thus it can block any new and unknown buffer overflow attacks. As there is no need to do any modifications in software or hardware at server so blocker is transparent to the servers being protected. Its deployment and maintenance cost is also very less so it is good for deployment in internet services. We proposed code injection buffer overflow attack blocker; could block all types of code injection attack packets, with less throughput degradation to normal client requests.