This paper presents a new method that uses YACC (Yet Another Compiler-Compiler) to detect anomalous behaviour in network server programs. The method describes the normal behaviour patterns of a server program with a context-free grammar carrying semantic annotations, uses the parser automatically generated by YACC as the anomaly detection engine, and uses the error-handling and semantic-processing interfaces provided by YACC to analyse the anomaly scene. Experimental results show that the method not only effectively detects intrusions that exploit server program vulnerabilities, such as buffer overflows and heap corruption, but also analyses and traces anomalous behaviour in real time and provides security administrators with detailed information about the intrusion, a capability that current methods of the same kind lack.
A new method for server-program-based anomaly detection using YACC is proposed, in which normal server program behaviour is represented by a context-free grammar carrying semantic labels. The method uses the parser automatically generated by YACC as the anomaly detection engine, and uses YACC's error-handling interface and semantic subroutines to analyse anomalous events. Experimental results show that the method not only effectively detects various attacks exploiting vulnerabilities in server programs, but also analyses the anomalous behaviour and provides detailed information about the intrusion, a capability that current methods of the same kind lack.
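As an added illustration (not the paper's code), the following Python sketches the scheme in miniature: a hand-written recursive-descent parser stands in for the YACC-generated one, a constructed grammar of server events with one semantic bound describes normal behaviour, and any parse failure is turned into an anomaly report carrying the position, the offending event, the events the grammar expected and the surrounding context. The grammar, event names and MAX_READ bound are assumptions made for this example.

```python
# Hand-written recursive-descent parser standing in for a YACC-generated one.
# Constructed grammar (not from the paper):
#   session     -> 'accept' request* 'close'
#   request     -> 'read'{nbytes <= MAX_READ} 'parse' file_access? 'write'
#   file_access -> 'open' 'read_file' 'close_file'
MAX_READ = 512  # constructed semantic annotation attached to the 'read' event
class Anomaly(Exception):
    def __init__(self, pos, event, expected, reason):
        super().__init__(reason)
        self.scene = {"pos": pos, "event": event, "expected": list(expected), "reason": reason}
class BehaviorParser:
    def __init__(self, trace):
        self.trace, self.pos = trace, 0
    def peek(self):
        return self.trace[self.pos][0] if self.pos < len(self.trace) else "EOF"
    def expect(self, *names):
        # Counterpart of a YACC syntax error: the next event is not allowed in this state.
        ev = self.trace[self.pos] if self.pos < len(self.trace) else ("EOF", None)
        if ev[0] not in names:
            raise Anomaly(self.pos, ev, names, f"unexpected {ev[0]!r}, expected {names}")
        self.pos += 1
        return ev
    def session(self):
        self.expect("accept")
        while self.peek() == "read":
            self.request()
        self.expect("close")
        self.expect("EOF")  # events after 'close' are anomalous too
    def request(self):
        _, nbytes = self.expect("read")
        if nbytes > MAX_READ:  # semantic action attached to the 'read' rule
            raise Anomaly(self.pos - 1, ("read", nbytes), ("read",),
                          f"read of {nbytes} bytes exceeds bound {MAX_READ}")
        self.expect("parse")
        if self.peek() == "open":
            self.expect("open"); self.expect("read_file"); self.expect("close_file")
        self.expect("write")

def check_trace(trace):
    try:  # None for a normal trace, else the anomaly scene plus the surrounding events
        BehaviorParser(trace).session()
        return None
    except Anomaly as a:
        return dict(a.scene, context=trace[max(0, a.scene["pos"] - 3):a.scene["pos"] + 1])
# Constructed traces: a normal session, an oversized read, and an event foreign to the grammar.
NORMAL_TRACE = [("accept", None), ("read", 128), ("parse", None), ("write", None), ("read", 64),
                ("parse", None), ("open", None), ("read_file", None), ("close_file", None), ("write", None), ("close", None)]
OVERSIZED_TRACE = [("accept", None), ("read", 4096), ("parse", None), ("write", None), ("close", None)]
UNEXPECTED_TRACE = [("accept", None), ("read", 128), ("exec", None), ("write", None), ("close", None)]
```

The report returned by check_trace is the analogue of what the paper extracts through YACC's error-handling hook: where in the trace the grammar was left, by which event, and what the grammar allowed there.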