Code-Reuse Attack Detection Using Kullback-Leibler Divergence in IoT

J. Ho
{"title":"Code-Reuse Attack Detection Using Kullback-Leibler Divergence in IoT","authors":"J. Ho","doi":"10.7236/IJASC.2016.5.4.54","DOIUrl":null,"url":null,"abstract":"Code-reuse attacks are very dangerous in various systems. This is because they do not inject malicious codes into target systems, but reuse the instruction sequences in executable files or libraries of target systems. Moreover, code-reuse attacks could be more harmful to IoT systems in the sense that it may not be easy to devise efficient and effective mechanism for code-reuse attack detection in resource-restricted IoT devices. In this paper, we propose a detection scheme with using Kullback-Leibler (KL) divergence to combat against code-reuse attacks in IoT. Specifically, we detect code-reuse attacks by calculating KL divergence between the probability distributions of the packets that generate from IoT devices and contain code region addresses in memory system and the probability distributions of the packets that come to IoT devices and contain code region addresses in memory system, checking if the computed KL divergence is abnormal.","PeriodicalId":297506,"journal":{"name":"The International Journal of Advanced Smart Convergence","volume":"57 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"The International Journal of Advanced Smart Convergence","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.7236/IJASC.2016.5.4.54","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3

Abstract

Code-reuse attacks are very dangerous in various systems. This is because they do not inject malicious codes into target systems, but reuse the instruction sequences in executable files or libraries of target systems. Moreover, code-reuse attacks could be more harmful to IoT systems in the sense that it may not be easy to devise efficient and effective mechanism for code-reuse attack detection in resource-restricted IoT devices. In this paper, we propose a detection scheme with using Kullback-Leibler (KL) divergence to combat against code-reuse attacks in IoT. Specifically, we detect code-reuse attacks by calculating KL divergence between the probability distributions of the packets that generate from IoT devices and contain code region addresses in memory system and the probability distributions of the packets that come to IoT devices and contain code region addresses in memory system, checking if the computed KL divergence is abnormal.
物联网中基于Kullback-Leibler散度的代码重用攻击检测
代码重用攻击在各种系统中都是非常危险的。这是因为它们不会将恶意代码注入目标系统,而是重用目标系统的可执行文件或库中的指令序列。此外,代码重用攻击对物联网系统的危害更大,因为在资源受限的物联网设备中,可能不容易设计出高效有效的代码重用攻击检测机制。在本文中,我们提出了一种利用Kullback-Leibler (KL)发散来对抗物联网中的代码重用攻击的检测方案。具体来说,我们通过计算从物联网设备产生的包含内存系统代码区域地址的数据包的概率分布与到达物联网设备并包含内存系统代码区域地址的数据包的概率分布之间的KL散度来检测代码重用攻击,检查计算的KL散度是否异常。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信