使用近重复检测算法量化软件多样性的有效性

Joel Coffman, A. Chakravarty, Joshua A. Russo, A. Gearhart
{"title":"使用近重复检测算法量化软件多样性的有效性","authors":"Joel Coffman, A. Chakravarty, Joshua A. Russo, A. Gearhart","doi":"10.1145/3268966.3268974","DOIUrl":null,"url":null,"abstract":"Software diversity is touted as a way to substantially increase the cost of cyber attacks by limiting an attacker's ability to reuse exploits across diversified variants of an application. Despite the number of diversity techniques that have been described in the research literature, little is known about their effectiveness. In this paper, we consider near-duplicate detection algorithms as a way to measure the static aspects of software diversity---viz., their ability to recognize variants of an application. Due to the widely varying results reported by previous studies, we describe a novel technique for measuring the similarity of applications that share libraries. We use this technique to systematically compare various near-duplication detection algorithms and demonstrate their wide range in effectiveness, including for real-world tasks such as malware triage. In addition, we use these algorithms as a way to assess the relative strength of various diversity strategies, from recompilation with different compilers and optimization levels to techniques specifically designed to thwart exploit reuse. Our results indicate that even small changes to a binary disproportionately affect the similarity reported by near-duplicate detection algorithms. In addition, we observe a wide range in the effectiveness of various diversity strategies.","PeriodicalId":20619,"journal":{"name":"Proceedings of the 5th ACM Workshop on Moving Target Defense","volume":"33 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Quantifying the Effectiveness of Software Diversity using Near-Duplicate Detection Algorithms\",\"authors\":\"Joel Coffman, A. Chakravarty, Joshua A. Russo, A. Gearhart\",\"doi\":\"10.1145/3268966.3268974\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software diversity is touted as a way to substantially increase the cost of cyber attacks by limiting an attacker's ability to reuse exploits across diversified variants of an application. Despite the number of diversity techniques that have been described in the research literature, little is known about their effectiveness. In this paper, we consider near-duplicate detection algorithms as a way to measure the static aspects of software diversity---viz., their ability to recognize variants of an application. Due to the widely varying results reported by previous studies, we describe a novel technique for measuring the similarity of applications that share libraries. We use this technique to systematically compare various near-duplication detection algorithms and demonstrate their wide range in effectiveness, including for real-world tasks such as malware triage. In addition, we use these algorithms as a way to assess the relative strength of various diversity strategies, from recompilation with different compilers and optimization levels to techniques specifically designed to thwart exploit reuse. Our results indicate that even small changes to a binary disproportionately affect the similarity reported by near-duplicate detection algorithms. In addition, we observe a wide range in the effectiveness of various diversity strategies.\",\"PeriodicalId\":20619,\"journal\":{\"name\":\"Proceedings of the 5th ACM Workshop on Moving Target Defense\",\"volume\":\"33 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-01-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 5th ACM Workshop on Moving Target Defense\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3268966.3268974\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 5th ACM Workshop on Moving Target Defense","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3268966.3268974","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4

摘要

软件多样性被吹捧为一种通过限制攻击者在应用程序的不同变体之间重用漏洞的能力来大幅增加网络攻击成本的方法。尽管研究文献中描述了许多多样性技术,但人们对它们的有效性知之甚少。在本文中,我们考虑近重复检测算法作为测量软件多样性的静态方面的一种方法。即识别应用程序变体的能力。由于以前的研究报告的结果差异很大,我们描述了一种测量共享库的应用程序相似性的新技术。我们使用该技术系统地比较各种近重复检测算法,并展示其广泛的有效性,包括用于现实世界的任务,如恶意软件分类。此外,我们使用这些算法来评估各种多样性策略的相对强度,从使用不同编译器和优化级别的重新编译到专门设计用于阻止利用重用的技术。我们的研究结果表明,即使对二进制的微小变化也会不成比例地影响近重复检测算法报告的相似性。此外,我们观察到各种多样性策略的有效性差异很大。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Quantifying the Effectiveness of Software Diversity using Near-Duplicate Detection Algorithms
Software diversity is touted as a way to substantially increase the cost of cyber attacks by limiting an attacker's ability to reuse exploits across diversified variants of an application. Despite the number of diversity techniques that have been described in the research literature, little is known about their effectiveness. In this paper, we consider near-duplicate detection algorithms as a way to measure the static aspects of software diversity---viz., their ability to recognize variants of an application. Due to the widely varying results reported by previous studies, we describe a novel technique for measuring the similarity of applications that share libraries. We use this technique to systematically compare various near-duplication detection algorithms and demonstrate their wide range in effectiveness, including for real-world tasks such as malware triage. In addition, we use these algorithms as a way to assess the relative strength of various diversity strategies, from recompilation with different compilers and optimization levels to techniques specifically designed to thwart exploit reuse. Our results indicate that even small changes to a binary disproportionately affect the similarity reported by near-duplicate detection algorithms. In addition, we observe a wide range in the effectiveness of various diversity strategies.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信