Detecting code reuse attack using RNN

Jin-sub Kim; Jong-sub Moon

Detecting code reuse attack using RNN

Jin-sub Kim, Jong-sub Moon, Journal of Internet Computing and Services, Vol. 19, No. 3, pp. 15-23, Jun. 2018

10.7472/jksii.2018.19.3.15, Full Text:

HTML
Keywords: code reuse attack, ROP(Return-Oriented Programming), RNN(Recurrent Neural Network)

Abstract

A code reuse attack is an attack technique that can execute arbitrary code without injecting code directly into the stack by combining executable code fragments existing in program memory and executing them continuously. ROP(Return-Oriented Programming) attack is typical type of code reuse attack and serveral defense techniques have been proposed to deal with this. However, since existing methods use Rule-based method to detect attacks based on specific rules, there is a limitation that ROP attacks that do not correspond to previously defined rules can not be detected. In this paper, we introduce a method to detect ROP attack by learning command pattern used in ROP attack code using RNN(Recurrent Neural Network). We also show that the proposed method effectively detects ROP attacks by measuring False Positive Ratio, False Negative Ratio, and Accuracy for normal code and ROP attack code discrimination.

Statistics

Show / Hide Statistics

Statistics (Past 3 Years)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.

Cite this article

[APA Style]

Kim, J. & Moon, J. (2018). Detecting code reuse attack using RNN. Journal of Internet Computing and Services, 19(3), 15-23. DOI: 10.7472/jksii.2018.19.3.15.

[IEEE Style]

J. Kim and J. Moon, "Detecting code reuse attack using RNN," Journal of Internet Computing and Services, vol. 19, no. 3, pp. 15-23, 2018. DOI: 10.7472/jksii.2018.19.3.15.

[ACM Style]

Jin-sub Kim and Jong-sub Moon. 2018. Detecting code reuse attack using RNN. Journal of Internet Computing and Services, 19, 3, (2018), 15-23. DOI: 10.7472/jksii.2018.19.3.15.