Automatic generation of buffer overflow attack signatures: An approach based on program behavior models

  • Liang Z
  • Sekar R
  • 21


    Mendeley users who have this article in their library.
  • 31


    Citations of this article.


Buffer overflows have become the most common target for network-based attacks. They are also the primary mechanism used by worms and other forms of automated attacks. Although many techniques have been developed to prevent server compromises due to buffer overflows, these defenses still lead to server crashes. When attacks occur repeatedly, as is common with automated attacks, these protection mechanisms lead to repeated restarts of the victim application, rendering its service unavailable. To overcome this problem, we develop a new approach that can learn the characteristics of a particular attack, and filter out future instances of the same attack or its variants. By doing so, our approach significantly increases the availability of servers subjected to repeated attacks. The approach is fully automatic, does not require source code, and has low runtime overheads. In our experiments, it was effective against most attacks, and did not produce any false positives

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document


  • Zhenkai Liang

  • R. Sekar

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free