Real-time detection system for memory corruption attacks on binary programs

A real-time detection technology for binary programs, applied in the fields of instrumentation, electrical digital data processing, platform integrity maintenance, etc. It addresses the problems of high false positive and false negative rates and the need for source code, achieving simple implementation, accurate attack detection, and a wider attack detection range.

Status: Inactive
Publication date: 2011-08-31
NANJING UNIV

AI Technical Summary

Problems solved by technology

However, existing approaches have at least one of the following shortcomings: (1) they require source code; (2) they address only one type of attack; (3) they require special hardware support; (4) they have high false positive and false negative rates.


Embodiment Construction

[0055] The present invention is built on Valgrind and its plugin Flayer.

[0056] As shown in Figure 1, the real-time detection system 10 for binary program memory corruption attacks of the present invention includes a code conversion unit 20, a program internal data coloring unit 21, a program runtime monitoring unit 22 and an attack detection unit 23.

[0057] The code conversion unit 20 converts binary-level code into VEX, Valgrind's intermediate code form, which is a reduced instruction set. The VEX instruction set has 10 types of statements and 12 kinds of expressions.

[0058] As shown in Figure 3, the VEX instruction set is divided into statements and expressions. The difference is that a statement modifies a register, memory location or temporary variable, while an expression only uses the value of a register, memory location or temporary variable. Data objects in the VEX instruction set are divided into four categori...

Abstract

The invention discloses a real-time detection system for memory corruption attacks on binary programs, comprising a code conversion unit, a program internal data coloring unit, a program runtime monitoring unit and an attack detection unit. The code conversion unit converts binary-level code into VEX, Valgrind's intermediate code form. The program internal data coloring unit comprises a pointer-type data recognition part and a pointer-type data coloring part; as the program runs and VEX instructions are executed, it scans and analyzes the VEX instructions and colors pointer-type data when such data is recognized. The program runtime monitoring unit recognizes static pointer data and dynamic pointer data, and gives each static or dynamic pointer and its corresponding memory region the same color. The attack detection unit captures operations that input data from outside, colors the externally input data, dynamically monitors the external data, and dynamically propagates the color. The invention has the advantages of real-time detection and accurate attack detection.
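A toy model of the coloring scheme described in this abstract, added here as an illustration; it is not taken from the patent, Valgrind or Flayer. The class and method names, the addresses, the propagation rule and the mismatch-based detection rule are assumptions, since the page does not spell out the detection policy.

```python
# Added illustration: toy shadow state, one color per address and per variable.
EXTERNAL = -1  # constructed marker color for externally input data

class ColorMonitor:
    def __init__(self):
        self.mem_color = {}   # address -> color of the region containing it
        self.val_color = {}   # variable -> color carried by its current value
        self.next_color = 1

    def alloc(self, ptr, base, size):
        # A pointer and the region it refers to receive the same fresh color.
        color, self.next_color = self.next_color, self.next_color + 1
        for addr in range(base, base + size):
            self.mem_color[addr] = color
        self.val_color[ptr] = color
        return color

    def read_input(self, var):
        # Data arriving from outside the program is colored EXTERNAL.
        self.val_color[var] = EXTERNAL

    def assign(self, dst, *srcs):
        # Propagation (assumed rule): a pointer color survives arithmetic;
        # otherwise the external color spreads to the result.
        colors = [self.val_color.get(s) for s in srcs]
        ptr_colors = [c for c in colors if c is not None and c > 0]
        fallback = EXTERNAL if EXTERNAL in colors else None
        self.val_color[dst] = ptr_colors[0] if ptr_colors else fallback

    def check_access(self, ptr, addr):
        # Detection (assumed rule): pointer color must equal region color.
        color = self.val_color.get(ptr)
        if color == EXTERNAL:
            return "alert: pointer value came from external input"
        if color is None or self.mem_color.get(addr) != color:
            return "alert: pointer and region colors differ"
        return "ok"

def demo():
    m = ColorMonitor()
    m.alloc("buf", 0x1000, 16)       # constructed addresses
    m.alloc("other", 0x1010, 16)     # adjacent region, different color
    m.read_input("idx")
    m.assign("q", "buf", "idx")      # q = buf + idx keeps buf's color
    m.read_input("fp")               # pointer value replaced by input data
    return (m.check_access("q", 0x1008),    # still inside buf
            m.check_access("q", 0x1014),    # walked into 'other'
            m.check_access("fp", 0x1010))   # pointer carries external color
```

The second result shows why the pointer and its region share a color: an access that lands in valid, mapped memory is still flagged when it crosses into a region of another color.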

Description

Technical field

[0001] The present invention relates to a method and tool for real-time detection of memory corruption attacks against a program, and in particular to a real-time detection system for memory corruption attacks on binary programs that works at the binary level, without source code, through dynamic analysis and tracking of the binary program at runtime.

Background art

[0002] Almost all software security vulnerabilities are caused by memory-related program flaws. According to the statistics of US-CERT (United States Emergency Response Team), the vast majority of existing vulnerability-related security issues are carried out through memory corruption attacks (that is, attacks caused by incorrect reading and writing of memory). It is therefore particularly important to research and develop real-time detection technology for memory corruption attacks.

[0003] At present, many methods for memory corruption attacks have been proposed, but these methods are considered f...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/22, G06F21/56
Inventor: 茅兵, 谢立, 王磊, 陈平
Owner: NANJING UNIV