DeepCheck: A Non-intrusive Control-flow Integrity Checking based on Deep Learning

05/06/2019
by Jiliang Zhang, et al.

Code reuse attack (CRA) is a powerful attack that reuses existing code to hijack the program control flow. Control flow integrity (CFI) is one of the most popular mechanisms to defend against CRAs. However, current CFI techniques are difficult to deploy in real applications because of issues such as the need to modify binaries or the compiler, extensions to the instruction set architecture (ISA), and unacceptable runtime overhead. To address these issues, we propose the first deep learning-based CFI technique, named DeepCheck, where the control flow graph (CFG) is split into chains for deep neural network (DNN) training. The DNN then learns the integrity features of the CFG in order to detect abnormal control flows. DeepCheck does not interrupt the application and hence incurs zero runtime overhead. Experimental results on Adobe Flash Player, Nginx, Proftpd and Firefox show that the average detection accuracy of DeepCheck is as high as 98.9 by ROPGadget and Ropper are used to further test the effectiveness, which shows that the detection success rate reaches 100

research
03/22/2023

LoadLord: Loading on the Fly to Defend Against Code-Reuse Attacks

Code-reuse attacks have become a kind of common attack method, in which ...
research
01/23/2018

HCIC: Hardware-assisted Control-flow Integrity Checking

Recently, code reuse attacks (CRAs), such as return-oriented programming...
research
07/29/2018

ROPNN: Detection of ROP Payloads Using Deep Neural Networks

Return-oriented programming (ROP) is a code reuse attack that chains sho...
research
07/07/2019

Detecting Fault Injection Attacks with Runtime Verification

Fault injections are increasingly used to attack secure applications. So...
research
10/22/2021

ReCFA: Resilient Control-Flow Attestation

Recent IoT applications gradually adapt more complicated end systems wit...
research
10/24/2018

On the Effectiveness of Type-based Control Flow Integrity

Control flow integrity (CFI) has received significant attention in the c...
research
02/19/2021

Toward Taming the Overhead Monster for Data-Flow Integrity

Data-Flow Integrity (DFI) is a well-known approach to effectively detect...
