Buffer Overflow Attack Blocker Using Sigfree Concept
SigFree - online signature-free out-of-the-box application-layer method for blocking code-injection buffer overflow attack messages targeting at various Internet services such as web service. Motivated by the observation that buffer overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks by detecting the presence of code. SigFree is signature free, thus it can block new and unknown buffer overflow attacks. SigFree is also immunized from most attack-side code obfuscation methods. The authors focus on buffer overflow attacks whose payloads contain executable code in machine language, and they assume normal requests do not contain executable machine code.