This paper proposes an automatic analysis and response system for code-injection attacks based on analysis of the abnormal scene of the attacked process. From the abnormal process scene, the system automatically analyzes the syntax of the attack payload and generates a vulnerability-oriented attack signature; with that signature it can identify and block the various variants of code-injection attacks that exploit the same unknown vulnerability in the same way. By taking the network protocol state and the process state into account during both signature generation and attack response, the system significantly reduces the false-positive rate of responses and the response time of the externally provided service without raising the false-negative rate of detection. The paper also briefly describes prototype systems on Linux and Windows 2000 and reports experimental results on their functionality and performance.