A dynamic detection method for ROP and its variant attacks based on the Pin tool

A dynamic detection technology and tool, applied in the fields of instruments, calculation, electrical digital data processing, etc., which can solve the problem of low detection efficiency and achieve convenient deployment and strong practicability, and overcome the single type

Active Publication Date: 2020-05-19
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0007] Based on the above technical problems, the present invention provides a dynamic detection method for ROP and its variant attacks based on the Pin tool. ROP attack detection, while detecting low-efficiency technical problems

Embodiment Construction

[0032] All the features disclosed in this specification, except for mutually exclusive features and / or steps, can be combined in any manner.

[0033] The present invention will be described in detail below in conjunction with the drawings.

[0034] A dynamic detection method for ROP and its variant attacks based on the Pin tool, including the following steps:

[0035] Step 1: Use the binary instrumentation tool Pin (as shown in Figure 1) to start the target program; specifically, PIN.EXE loads PINTOOL.DLL, and after PINTOOL.DLL is initialized it returns the request to start the target program;

[0036] Step 2: Use the binary Pin instrumentation tool to track the target program, and match the ret instruction, call instruction and jmp instruction. The binary Pin instrumentation tool includes a dynamic link library analysis module, a dynamic monitoring module, and an attack detection module;

[0037] The binary instrumentation tool Pin supports IA-32, Intel(R)64 and Intel(R) many integrated c...

Abstract

Belonging to the field of attack detection, the present invention discloses a dynamic detection method for ROP and its variant attacks based on the Pin tool. Step 1: use the binary instrumentation tool Pin to start the target program; Step 2: track the target program and match the ret, call and jmp instructions; Step 3: if the instruction is a ret instruction, detect it with the detection module based on the ret instruction; if it is a call instruction, detect it with the detection module based on the call instruction; if it is a jmp instruction, detect it with the detection module based on the jmp instruction; Step 4: if a detection module detects an abnormality in the target program, send an attack alarm; otherwise jump to Step 2. The present invention can dynamically detect ROP and its variant attacks, and has strong practicality and versatility.
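The dispatch loop of Steps 2 to 4, as an added C++ example that is not code from the patent or from Pin: it runs over a constructed event trace rather than inside a Pintool. The per-module checks (a shadow stack for ret, function-entry targets for indirect call and jmp) are common heuristics substituted here as assumptions, since the page does not show the patent's own; all names are hypothetical.

```cpp
#include <cstdint>
#include <set>
#include <utility>
#include <vector>

// One control-transfer event as a monitoring module might report it.
// All field names and the checks below are assumptions of this example.
enum class Kind { Call, Ret, Jmp };
struct Event {
    Kind kind;
    uint64_t target;    // address control is transferred to
    uint64_t fallthru;  // address after the instruction (used for calls)
    bool indirect;      // target came from a register or memory
};

class Detector {
    std::vector<uint64_t> shadow_;  // return addresses recorded at calls
    std::set<uint64_t> entries_;    // known function entry points
    bool atEntry(const Event& e) const { return !e.indirect || entries_.count(e.target) > 0; }
public:
    explicit Detector(std::set<uint64_t> entries) : entries_(std::move(entries)) {}
    // call module: record the return address; indirect calls must hit an entry.
    bool onCall(const Event& e) { shadow_.push_back(e.fallthru); return atEntry(e); }
    // ret module: the return target must match the most recent recorded call.
    bool onRet(const Event& e) {
        if (shadow_.empty() || shadow_.back() != e.target) return false;
        shadow_.pop_back();
        return true;
    }
    // jmp module: indirect jumps must hit an entry (simplified; no jump tables).
    bool onJmp(const Event& e) { return atEntry(e); }
    // Steps 2-4: dispatch each event by type; return the index of the first
    // anomalous event (where the alarm would be sent), or -1 if none.
    int run(const std::vector<Event>& trace) {
        for (std::size_t i = 0; i < trace.size(); ++i) {
            const Event& e = trace[i];
            bool ok = e.kind == Kind::Call ? onCall(e)
                    : e.kind == Kind::Ret  ? onRet(e) : onJmp(e);
            if (!ok) return static_cast<int>(i);
        }
        return -1;
    }
};

// Constructed traces (addresses are made up): 0x2000 is a function entry,
// 0x3003 is a mid-function address standing in for a gadget.
const std::set<uint64_t> kEntries = {0x2000};
const std::vector<Event> kBenign = {{Kind::Call, 0x2000, 0x1005, false}, {Kind::Ret, 0x1005, 0, false}};
const std::vector<Event> kRetAnomaly = {{Kind::Call, 0x2000, 0x1005, false}, {Kind::Ret, 0x3003, 0, false}};
const std::vector<Event> kJmpAnomaly = {{Kind::Jmp, 0x3003, 0, true}};
int main() { return Detector(kEntries).run(kRetAnomaly) == 1 ? 0 : 1; }
```

In a real Pintool the events would come from analysis callbacks inserted on each matched instruction instead of a prebuilt vector.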

Description

Technical field

[0001] The invention relates to a detection technology for ROP attacks, in particular to a dynamic detection method for ROP and its variant attacks based on a Pin tool, which is used for detecting ROP and its variant attacks.

Background technique

[0002] There are many types of network security, such as: network physical security, network topology security, network system security, application system security, and network management security. The present invention relates to application system security. All kinds of software running on the computer are manually written. Due to human limitations, the written software is more or less vulnerable. Buffer overflow vulnerabilities, heap overflow vulnerabilities, and local privilege escalation vulnerabilities are still widespread. Once these vulnerabilities are discovered and used by people with ulterior motives, the harm they bring cannot be underestimated. In order to deal with the harm caused by vulnerabilities, exp...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/52, G06F21/56
CPC: G06F21/52, G06F21/566
Inventor: 张小松, 牛伟纳, 曹思宇
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA