Intelligent detection method and device for return programming attack

A return-oriented programming (ROP) detection method and device, applied in the field of intelligent detection, addressing the problem that variant ROP attacks cannot be directly and effectively handled.

Active Publication Date: 2022-08-09
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0011] Although defenses against ROP itself have been continuously proposed in recent years, and a variety of fine-grained randomization schemes h

Examples

Embodiment

[0083] With reference to a practical setup, some key elements of the technical solution disclosed in the present invention are briefly illustrated as follows:

[0084] The test target is a program executable file with a buffer overflow vulnerability; the operating system is Ubuntu 18.04 Linux.

[0085] The program to be tested is instrumented with the dynamic binary instrumentation framework Intel PIN. PIN inserts probes ("buried points") at instructions during program execution, which facilitates instruction identification and instruction statistics. PIN provides a rich API for users to call, and the dynamic execution flow of the program can easily be displayed as assembly code through disassembly. The APIs used are provided by Intel PIN.

[0086] 1. System initialization: Obtain the executable file of the program software to be teste...

Abstract

The invention relates to the field of security detection and discloses an intelligent detection method and device for return-oriented programming (ROP) attacks. It belongs to the field of low-level system security detection and aims to work on the binary executable files of a program, so that commercial software can be handled without the source code of the software under test. In the main scheme, the program under test is instrumented, its execution process is output as assembly code through disassembly, and a program execution stream is thereby obtained. The execution stream is monitored in real time and suspicious program execution streams are screened out. The suspicious execution streams then undergo a secondary screening in which an artificial intelligence model is used to accurately judge a suspected ROP attack; whether ROP defense is started is determined from the judgment result, and a time-limited alarm and active crash strategy is applied to a program judged to be under ROP attack, so that the detected program is prevented from suffering greater loss.
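
A first-stage screen over an execution stream, of the kind the abstract describes, written here as an added example and not taken from the patent. It assumes the instrumentation logs each call and return with its actual target; the shadow-stack comparison, the `Insn` record layout and both thresholds are assumptions of this example, since the page does not state the screening criteria.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>
enum class Kind { Other, Call, Ret };
// One record of the execution stream, as an instrumentation tool could log it.
struct Insn { uint64_t addr; uint8_t len; Kind kind; uint64_t target; };
struct Verdict { int mismatched; int longest_chain; bool suspicious; };
// Hypothetical thresholds, chosen for this example only.
constexpr int kMaxGadgetLen = 5;  // max instructions between two returns
constexpr int kMinChain = 3;      // short mismatched returns in a row

Verdict screen_stream(const std::vector<Insn>& trace) {
    std::vector<uint64_t> shadow;  // return addresses recorded at each call
    Verdict v{0, 0, false};
    int since_ret = 0, chain = 0;
    for (const Insn& i : trace) {
        ++since_ret;  // instructions since the previous return, this one included
        if (i.kind == Kind::Call) {
            shadow.push_back(i.addr + i.len);
        } else if (i.kind == Kind::Ret) {
            if (!shadow.empty() && shadow.back() == i.target) {
                shadow.pop_back();  // return goes back to its call site
                chain = 0;
            } else {
                ++v.mismatched;  // return target was not produced by a call
                chain = (since_ret <= kMaxGadgetLen) ? chain + 1 : 1;
                if (chain > v.longest_chain) v.longest_chain = chain;
            }
            since_ret = 0;
        }
    }
    v.suspicious = v.longest_chain >= kMinChain;
    return v;
}

// Constructed traces: a normal call/return pair, and returns that chain short sequences.
std::vector<Insn> benign_trace() {
    return {{0x401000, 5, Kind::Call, 0x401100}, {0x401100, 1, Kind::Other, 0},
            {0x401101, 3, Kind::Other, 0}, {0x401104, 1, Kind::Ret, 0x401005}};
}
std::vector<Insn> hijacked_trace() {
    return {{0x401000, 5, Kind::Call, 0x401100}, {0x401104, 1, Kind::Ret, 0x401203},
            {0x401203, 1, Kind::Other, 0}, {0x401204, 1, Kind::Ret, 0x401310},
            {0x401310, 1, Kind::Other, 0}, {0x401311, 1, Kind::Ret, 0x401420}};
}
int main() {
    Verdict b = screen_stream(benign_trace()), h = screen_stream(hijacked_trace());
    std::printf("benign=%d hijacked=%d chain=%d\n", b.suspicious, h.suspicious, h.longest_chain);
    return 0;
}
```

Streams flagged by a screen like this are the ones that would be passed on to the secondary, model-based judgment the abstract mentions.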

Description

Technical field

[0001] The invention belongs to the field of system bottom security detection, in particular to an intelligent detection method for return-oriented programming attacks.

Background technique

[0002] Today, cloud computing and mobile Internet technologies have become new trends, which on the one hand promote the development of informatization, and on the other hand bring new challenges to traditional system security models and protection technologies. The use of software security vulnerabilities is a common and critical technology. Attackers invade networks and systems through vulnerabilities, and then conduct further attacks such as stealing data and running malware. Program security plays a crucial role in the development and application of computers. With the development of security protection technology, attackers keep trying to exploit various vulnerabilities to attack programs. At first, the attacker tried to attack the control flow of the program, by i...

Application Information

IPC(8): G06F21/56, G06F11/36
CPC: G06F21/566, G06F11/3684, Y02D10/00
Inventor: 牛伟纳, 李杰, 张小松, 薛志行, 李梓慕, 严然, 朱宇坤
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA