||In recent years, with the popularity of Internet, people exchange information to each other faster and conveniently. However, some malicious people try to steal the important information via Internet for personal benefit. Mostly, attackers use the Buffer Overflow Attacks to compromise other computers. This type of attacks result from that the program writes data into the buffer without boundary checking. This research will focus on the actions after discovering the Buffer Overflow Attacks. It just needs to modify Linux Operating System Kernel, and does not change the original hardware or software.|
Nowadays, the defenders use honeypot technology to attract attackers’ attention. By taking some unused computers as traps, attackers may consider they are compromising an important server. Therefore, we can get information about the attacks, like IP address or attack’s method. But there are still some restrictions about honeypot. Attackers recently also discover some ways to distinguish if the target server is a honeypot system. For this reason, this research will put the detection mechanism in the servers which contain the sensitive information attracting attackers the most. We will redirect the network packets which are considered attacking packets to another server, called victim server, which is used to examine the packet content. Eventually, we can construct a list with suspected attackers’ IP address. Also, with the reaction of victim server, we are able to understand the attackers’ technique and purpose, and achieve self-protect mechanism.
 Microsoft, HoneyMonkey,
 Y. M. Wang, D. Beck, X. Jiang, and R. Roussev. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploited Browser Vulnerabilities. ftp://ftp.research.microsoft.com/pub/tr/TR-2005-72.pdf
 Niels Provos. A Virtual Honeypot Framework. Proceedings of the 13th USENIX Security Symposium, 2004.
 X. Jiang, X. Wang, Out-of-the-box Monitoring of VM-based High-Interaction Honeypots, Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection, September 2007.
 林忠立, 許富皓. MP: A Memory Protector against Stack-Based Buffer Overflow Attacks. 國立中央大學資訊工程系碩士論文
 C. C. Zou and R. Cunningham. Honeypot-Aware Advanced Botnet Construction and Maintenance. Dependable Systems and Network, 2006.
 Corrado Leita, Ken Mermoud, Marc Dacier. ScriptGen: an automated script generation tool for honeyd. Annual Computer Security Applications Conference, 2005.
 Corrado Leita, Marc Dacier, Frederic Massicotte. Automatic Handling of Protocol Dependencies and Reaction to 0-Day Attacks with ScriptGen Based Honeypots. Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection, 2006.
 Nick L. Petroni, Jr. and Michael Hicks. Automated Detection of Persistent Kernel Control-Flow Attacks. the ACM Conference on Computer and Communications Security (CCS), October 2007.
 The Bubblegum Proxypot
 Tian Bu, Aiyou Chen, Scott Vander Wiel and Thomas Woo. Design and Evaluation of a Fast and Robust Worm Detection Algorithm. IEEE INFOCOM, Barcelona, Spain, April, 2006.
 Fu-Hau Hsu, Fanglu Guo, and Tzi-cker Chiueh.Scalable Network-based Buffer Overflow Attack Detection. Proceedings of ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS 2006), San Jose, California, USA, December, 2006.
 Linux Networking Kernel
 Zhenkai Liang and R. Sekar. Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers. Proceedings of the 12th ACM Conference on Computer and Communications Security.
 Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage. Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm. Proceedings of the ACM Symposium on Operating System Principles (SOSP), 2005.
 Xuxian Jiang and Dongyan Xu. Collapsar: A VM-Based Architecture for Network Attack Detention Center. Proceedings of 13th USENIX Security Symposium, 2004.
 Lance Spitznet. Honeypots: Catching the Insider Threat. Annual Computer Security Applications Conference, 2003
 Paul Baecher, Markus Koetter, Thorsten Holz, Maximillian Dornseif, and Felix Freiling. The Nepenthes Platform: An Efficient Approach to Collect Malware. The 9th International Symposium on Recent Advances in Intrusion Detection (RAID), Sept. 2006
 Wikipedia, ASCII Code
 Gaurav Kataria,Gaurav Anand, Rudolph Araujo, Ramayya Krishnan,Adrian Perrig. A Distributed Stealthy Coordination Mechanism for Worm Synchronizatio. IEEE Securecomm & Workshop, 2006.
 The PaX Address Space Layout Randomization Project
 K. G. Anagnostakis, S. Sidiroglou‡, P. Akritidis?, K. Xinidis?, E. Markatos, and A.D. Keromytis. Detecting Targeted Attacks Using Shadow Honeypots. Proceedings of the 14th USENIX Security Symposium, 2005.
 Honeynet Project. Know Your Enemy：Sebek – A kernel based data capture tool
 Edward Balas. Sebek – Convert Glass-Box Host Analysis. 12th USENIX Security Symposium Conference Reports
 M. Dornseif, T. Holz, C. N. Klein. NoSEBrEaK – Attacking Honeynets. Proceedings of the 2004 IEEE Workshop on Information and Security.
 E. Balas and C. Viecco. Towards a Third Generation Data Capture Architecture for Honeynets. Proceedings of the 2005 IEEE Workshop on Information Assurance and Security.
 Honeynet Project. Know Your Enemy：GenII Honeynet.
 S. Bhatkar, D. DuVarney, and R. Sekar. Address Obfuscation：An Efficient Approach to Combat a Broad Range of Memory Error Exploits. Proceedings of 12th USENIX Security Symposium, 2003.
 C. Kil, J. Jun, C. Bookholt, J. Xu, and P. Ning, Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software. Annual Computer Security Applications Conference (ACSAC), 2006.
 H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the Effectiveness of Address Space Randomization. ACM Conf. on Computer and Communications Security, 2004.
 Anonymous. Bypassing PaX ASLR protection. Phrack, 11(59), July 2002.
 Nergal. The advanced return-into-lib(c) exploits: Pax case study. Phrack, 10(58), Dec. 2001
 Izik. Advanced Buffer Overflow Methods [or] Smack the Stack. 22nd Chaos Communication Congress, Dec. 2005.
 Phetips. Returning to %esp (Circumventing the VA kernel patch For Fun and Profit).
 X. Wang, C. Pan, P. Liu, and S. Zhu. SigFree：A Signature-Free Buffer Overflow Attack Blocker. 15th USENIX Security, 2006.
 W. Cui, M. Peinado, H. Wang, and M. Locasto. ShieldGen：Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing. IEEE Symposium on Security and Privacy, 2007.