ROPNN: Detection of ROP Payloads Using Deep Neural Networks
arXiv: Cryptography and Security(2018)
摘要
Return-oriented programming (ROP) is a code reuse attack that chains short
snippets of existing code to perform arbitrary operations on target machines.
Existing detection methods against ROP exhibit unsatisfactory detection
accuracy and/or have high runtime overhead.
In this paper, we present ROPNN, which innovatively combines address space
layout guided disassembly and deep neural networks to detect ROP payloads. The
disassembler treats application input data as code pointers and aims to find
any potential gadget chains, which are then classified by a deep neural network
as benign or malicious. Our experiments show that ROPNN has high detection rate
(99.3
all of the 100 real-world ROP exploits that are collected in-the-wild, created
manually or created by ROP exploit generation tools. Additionally, ROPNN
detects all 10 ROP exploits that can bypass Bin-CFI. ROPNN is non-intrusive and
does not incur any runtime overhead to the protected program.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要