The paper presents an analysis of the principle of stack buffer overflow attacks and basic attack patterns for Intel 80×86 architecture and C/C++.Then,the merits and drawbacks of the existing dynamic buffer overflow prevention methods are discussed.On the basis of the address obfuscation and integrity checking,this paper presents a new dynamic buffer overflow prevention method based on k circular random sequence.This improved prevention method can defend attacks of multiple patterns with high probability and enhance the intrusion-tolerance capability of the vulnerable software.