Exploit detection based on illegal control flow transfers identification
In order to deal with exploit attacks such as APT, an approach was proposed to detect exploits based on illegal control flow transfers identification. Both static and dynamic analysis methods were performed to construct the CFSO (control flow safety outline), which was used to restrict the targets of c...
Main Authors: | Ming-hua WANG, Ling-yun YING, Deng-guo FENG |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2014-09-01 |
Series: | Tongxin xuebao |
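Subjects: | software vulnerability, exploit, attack detection, address space layout randomization, data execution protection |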
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.09.003/ |
_version_ | 1841539767317037056 |
---|---|
author | Ming-hua WANG; Ling-yun YING; Deng-guo FENG |
collection | DOAJ |
description | In order to deal with exploit attacks such as APT, an approach was proposed to detect exploits based on illegal control flow transfers identification. Both static and dynamic analysis methods were performed to construct the CFSO (control flow safety outline), which was used to restrict the targets of control flow transfers that occurred while the target program was running. When a call/ret/jmp was about to execute, the target was checked against the CFSO. An illegal control flow transfer is considered an exploit attack, and all the following attacking steps could be captured. The experiment also showed that the proposed method had decent overhead and could be applied to detect exploits online. |
format | Article |
id | doaj-art-d3474931aebf4cc8af8dd482423487a5 |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2014-09-01 |
publisher | Editorial Department of Journal on Communications |
record_format | Article |
series | Tongxin xuebao |
title | Exploit detection based on illegal control flow transfers identification |
topic | software vulnerability; exploit; attack detection; address space layout randomization; data execution protection |
url | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.09.003/ |