ROP and variant attack dynamic detection method based on multi-strategy instruction detection

An instruction detection and dynamic detection technology, applied in the field of memory attack and defense, that addresses the high performance overhead and large memory occupation of existing methods, reduces the false positive rate and false negative rate, and improves the accuracy rate.

Active Publication Date: 2019-05-17
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

Second, compared with instruction-based detection methods, the performance consumption of stack-based detection methods is too large. For example, ROPdefender, a detection method based on a shadow stack, needs to perform two operations on the stack, which has high performance overhead and takes up more memory.

Embodiment Construction

[0054] The present invention is further described below with reference to the accompanying drawings and specific embodiments:

[0055] The present invention proposes a multi-strategy method for detecting ROP attacks and variant attacks that combines key instruction detection (the key instruction jump strategy and the key instruction quantity balance strategy) with attack instruction fragment feature detection (the attack instruction fragment size strategy and the continuous length judgment strategy). The overall framework of the system is shown in Figure 1. It mainly includes an instruction analysis module, an instrumentation module, and a process alarm and termination module.

[0056] The instrumentation module is mainly used to perform instruction-level instrumentation on the loaded target file (source code), and determine the location and content of the instrumentation by analyzing the type of the instruction. For example, after the ret instruction is detected, the ret analysis code is inserted before the ret instr...

Abstract

The invention discloses a dynamic detection method for ROP and variant attacks based on multi-strategy instruction detection. The method uses binary dynamic instrumentation to intercept instructions and applies two judgment strategies, a key instruction detection strategy and an attack instruction fragment feature detection strategy, to detect ROP attacks and variant attacks. The key instruction detection strategy performs feature analysis according to the instruction address and the instruction quantity. The attack instruction fragment feature detection strategy, based on analysis of attack function and complexity features, comprises an attack instruction fragment size judgment strategy and an attack instruction fragment continuous length judgment strategy. The method adopts a multi-layer detection strategy that integrates four feature dimensions (instruction address, instruction quantity, attack function and attack complexity) from the two aspects of normal and abnormal instruction characteristics, and it combines a deterministic detection method with an uncertain detection method to comprehensively detect ROP attacks and their variants. The method has low performance consumption and occupies little memory.
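The four strategies named in the abstract can be run over an instruction trace with nothing but counters, as in the following added example, which is not code from the patent. The thresholds, the `Insn` record, the rule that a legitimate `ret` target directly follows a `call`, and the sample traces are all assumptions made for illustration.

```python
from collections import namedtuple

# One executed instruction as an instrumentation callback would report it.
Insn = namedtuple("Insn", "kind target", defaults=(None,))  # kind: call/ret/other

# All three thresholds are assumptions for this sketch, not values from the patent.
GADGET_MAX = 5      # a fragment of <= 5 instructions ending in ret looks gadget-like
CHAIN_MIN = 3       # this many gadget-sized fragments in a row counts as a chain
IMBALANCE_MAX = 2   # how far executed rets may exceed executed calls

def detect(trace, call_sites):
    """Return (index, strategy) alerts; call_sites = addresses following a call."""
    alerts, calls, rets, frag_len, chain = [], 0, 0, 0, 0
    for i, insn in enumerate(trace):
        frag_len += 1
        if insn.kind == "call":
            calls += 1
        elif insn.kind == "ret":
            rets += 1
            if insn.target not in call_sites:          # key instruction: address
                alerts.append((i, "jump"))
            if rets - calls > IMBALANCE_MAX:           # key instruction: quantity
                alerts.append((i, "balance"))
            chain = chain + 1 if frag_len <= GADGET_MAX else 0   # fragment size
            if chain >= CHAIN_MIN:                     # continuous length
                alerts.append((i, "fragment-chain"))
            frag_len = 0
    return alerts

def short_fragments(targets):
    """Constructed trace: one call, a 6-instruction body, then 1-instruction fragments."""
    trace = [Insn("call")] + [Insn("other")] * 6 + [Insn("ret", targets[0])]
    for t in targets[1:]:
        trace += [Insn("other"), Insn("ret", t)]
    return trace

CALL_SITES = {0x1005, 0x100A, 0x1020, 0x1031}          # constructed addresses
BENIGN = ([Insn("other")] * 3 + [Insn("call")] + [Insn("other")] * 8
          + [Insn("ret", 0x1005)] + [Insn("other")] * 2 + [Insn("call")]
          + [Insn("other")] * 7 + [Insn("ret", 0x100A)])
CHAIN = short_fragments([0x7001, 0x7002, 0x7003, 0x7004])    # targets fail address check
VARIANT = short_fragments([0x1005, 0x100A, 0x1020, 0x1031])  # targets pass address check

if __name__ == "__main__":
    for name, t in (("benign", BENIGN), ("chain", CHAIN), ("variant", VARIANT)):
        print(name, detect(t, CALL_SITES))
```

The `VARIANT` trace raises no address alert, yet the quantity balance and continuous length checks still fire, which is the coverage argument for layering the strategies.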

Description

Technical field

[0001] The invention relates to a dynamic detection method for ROP and variant attacks based on multi-strategy instruction detection, in particular to a multi-strategy detection method that judges ROP attacks and variant attacks based on a key instruction detection strategy and an attack instruction fragment detection strategy. It belongs to the field of memory attack and defense.

Background technique

[0002] Solar Designer proposed the return-into-libc attack technique in 1997: by exploiting a vulnerability, the return address of a function is replaced with the address of a function code block in the libc library, which transfers control flow directly to attack code composed of libc function fragments chosen in advance by the attacker. But once the libc developers remove commonly used library functions such as system, the attack capability is greatly restricted. Hovav Shacham proposed the ROP (Return-Oriented Programming) attack in 2007, by scanning the existing ...

Application Information

IPC(8): G06F21/52, G06F21/56
Inventor: 詹静, 张茜, 赵勇, 韩瑾, 夏晓晴
Owner BEIJING UNIV OF TECH