A method and device for detecting return-oriented programming attacks

A backhaul, application programming interface technology, applied in the field of network security, can solve problems such as non-support and security problems, and achieve the effect of avoiding ROP attacks and improving network security.

Active Publication Date: 2017-04-26
ZHUHAI BAOQU TECH CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In this way, on the one hand, many early operating systems, such as early versions of msvcrt.dll, gdi32.dll, etc., do not support ASLR and support compilers, resulting in early operating systems that are easily exploited by attackers to successfully construct ROP attack codes are used to attack the operating system; on the other hand, due to the endless loophole attacks, especially after Microsoft stopped the XP service, the existing protection strategy may be broken by other attack methods, so many users based on the Windows operating system will Facing more serious security problems

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and device for detecting return-oriented programming attacks
  • A method and device for detecting return-oriented programming attacks
  • A method and device for detecting return-oriented programming attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0024] It should be clear that the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0025] figure 1 It is a schematic flowchart of a method for detecting a return-oriented programming attack according to an embodiment of the present invention. see figure 1 , the method includes:

[0026] Step 101, respectively injecting a preset application programming interface function monitoring program into the process of each application program to be monitored;

[0027] In this step, the application programming interface function monitoring program is injected into the process of the application program so ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention discloses a method and a device for detecting return-oriented programming attack. The method for detecting the return-oriented programming attack comprises injecting preset application programming interface (API) function monitoring programs into the process of every application program to be monitored; when the process of the application program to be monitored calls API functions inside a preset API function library, retarding the process of the application program to be monitored from calling the API functions; processing the calling-retarded API functions according to preset return-oriented programming (ROP) protecting strategies to determine whether calling the calling-retarded API functions is allowed. The method and device for detecting the return-oriented programming attack can effectively detect ROP attack and accordingly improve network security.

Description

technical field [0001] The invention relates to network security technology, in particular to a method and device for detecting Return-oriented Programming (ROP, Return-oriented Programming) attacks. Background technique [0002] With the widespread application of computer network technology, the Internet has gradually become the main channel for malicious applications to attack users. Malicious applications disguise application files as other types of files and lure users to click and download them. After the computer is successfully running, the attacker can use the installed malicious application program to attack the vulnerabilities of the operating system and application software, for example, destroying the user's computer and stealing the user's private information. Among them, a vulnerability refers to a flaw in the logical design of the operating system or application software or an error in writing. These defects or errors can often be exploited by attackers and i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56
CPCG06F21/566G06F2221/033
Inventor 薛小昊刘桂峰姚辉
Owner ZHUHAI BAOQU TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap