ROPGMN: Effective ROP and variants discovery using dynamic feature and graph matching network

IF 6.2 2区 计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS
Weina Niu , Kexuan Zhang , Ran Yan , Jie Li , Yan Zhang , Xiaosong Zhang
{"title":"ROPGMN: Effective ROP and variants discovery using dynamic feature and graph matching network","authors":"Weina Niu ,&nbsp;Kexuan Zhang ,&nbsp;Ran Yan ,&nbsp;Jie Li ,&nbsp;Yan Zhang ,&nbsp;Xiaosong Zhang","doi":"10.1016/j.future.2024.107567","DOIUrl":null,"url":null,"abstract":"<div><div>Return Oriented Programming (ROP) is one of the most challenging threats to operating systems. Traditional detection and defense techniques for ROP such as stack protection, address randomization, compiler optimization, control flow integrity, and basic block thresholds have certain limitations in accuracy or efficiency. At the same time, they cannot effectively detect ROP variant attacks, such as COP, COOP, JOP. In this paper, we propose a novel ROP and its variants detection approach that first filters the normal execution flow according to four strategies provided and then adopts Graph Matching Network (GMN) to determine whether there is ROP or its variant attack. Moreover, we developed a prototype named ROPGMN with shared memory to solve cross-language and cross-process problems. Using real-world vulnerable programs and constructed programs with dangerous function calls, we conduct extensive experiments with 6 ROP detectors to evaluate ROPGMN. The experimental results demonstrate the effectiveness of ROPGMN in discovering ROPs and their variant attacks with low performance overhead.</div></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":"164 ","pages":"Article 107567"},"PeriodicalIF":6.2000,"publicationDate":"2024-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Future Generation Computer Systems-The International Journal of Escience","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167739X24005314","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0

Abstract

Return Oriented Programming (ROP) is one of the most challenging threats to operating systems. Traditional detection and defense techniques for ROP such as stack protection, address randomization, compiler optimization, control flow integrity, and basic block thresholds have certain limitations in accuracy or efficiency. At the same time, they cannot effectively detect ROP variant attacks, such as COP, COOP, JOP. In this paper, we propose a novel ROP and its variants detection approach that first filters the normal execution flow according to four strategies provided and then adopts Graph Matching Network (GMN) to determine whether there is ROP or its variant attack. Moreover, we developed a prototype named ROPGMN with shared memory to solve cross-language and cross-process problems. Using real-world vulnerable programs and constructed programs with dangerous function calls, we conduct extensive experiments with 6 ROP detectors to evaluate ROPGMN. The experimental results demonstrate the effectiveness of ROPGMN in discovering ROPs and their variant attacks with low performance overhead.
ROPGMN:利用动态特征和图匹配网络有效发现 ROP 和变体
面向返回编程(ROP)是操作系统面临的最具挑战性的威胁之一。传统的 ROP 检测和防御技术,如堆栈保护、地址随机化、编译器优化、控制流完整性和基本块阈值等,在准确性或效率上都有一定的局限性。同时,它们也无法有效检测 ROP 变体攻击,如 COP、COOP、JOP。本文提出了一种新的 ROP 及其变种检测方法,首先根据提供的四种策略过滤正常执行流,然后采用图形匹配网络(GMN)来判断是否存在 ROP 或其变种攻击。此外,我们还开发了一种名为 ROPGMN 的共享内存原型,用于解决跨语言和跨进程问题。我们使用真实世界中的脆弱程序和带有危险函数调用的构造程序,用 6 种 ROP 检测器进行了大量实验,以评估 ROPGMN。实验结果表明,ROPGMN 能以较低的性能开销有效地发现 ROP 及其变体攻击。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
CiteScore
19.90
自引率
2.70%
发文量
376
审稿时长
10.6 months
期刊介绍: Computing infrastructures and systems are constantly evolving, resulting in increasingly complex and collaborative scientific applications. To cope with these advancements, there is a growing need for collaborative tools that can effectively map, control, and execute these applications. Furthermore, with the explosion of Big Data, there is a requirement for innovative methods and infrastructures to collect, analyze, and derive meaningful insights from the vast amount of data generated. This necessitates the integration of computational and storage capabilities, databases, sensors, and human collaboration. Future Generation Computer Systems aims to pioneer advancements in distributed systems, collaborative environments, high-performance computing, and Big Data analytics. It strives to stay at the forefront of developments in grids, clouds, and the Internet of Things (IoT) to effectively address the challenges posed by these wide-area, fully distributed sensing and computing systems.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信