Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

A control flow hijacking attack detection technology and system based on dynamic analysis

An attack detection and control flow technology, applied in error detection/correction, software testing/debugging, instrumentation, etc., to solve problems such as under-contamination, over-contamination, and difficult implementation of complex programs

Active Publication Date: 2019-04-02
SICHUAN UNIV
View PDF5 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although the traditional control flow integrity policy CFI can effectively defend against control flow hijacking attacks, it is difficult to deploy in the actual environment
There are two main reasons for this: first, the construction of CFG is difficult, and the complete CFG construction needs to rely on the source code of the program, which is even more difficult to implement for complex programs.
Second, it is necessary to check every indirect control transfer in the program, fine-grained detection will cause very large overhead
Dynamic stain analysis technology has problems such as over-pollution and under-pollution in actual detection, so the efficiency is low and the accuracy is not high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A control flow hijacking attack detection technology and system based on dynamic analysis
  • A control flow hijacking attack detection technology and system based on dynamic analysis
  • A control flow hijacking attack detection technology and system based on dynamic analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0014] In the present invention, it is used to detect control flow hijacking attacks, and the present invention will be further described below in conjunction with the accompanying drawings. The present invention aims to provide a control flow hijacking attack system based on dynamic analysis, which can detect control flow hijacking attacks simply and efficiently, and can be easily deployed in the actual application environment to defend against control flow hijacking attacks in the actual application environment .

[0015] figure 1 It is an architecture diagram describing the composition of the system of the present invention.

[0016] Such as figure 1 As shown, the core of the detection system is the management terminal, which integrates other modules so that the functions of the entire system are harmoniously connected. At the same time, a user interaction interface is provided through which the user can start the target program and input the detected samples or data. , ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the technical field of vulnerability attack detection based on binary code streams, in particular to a vulnerability attack detection system under a Windows operating system.According to the technology, a dynamic binary instrumentation technology is adopted to monitor a program during running, and the specific content comprises the steps that the implementation principleand the specific process of a control flow hijacking attack are analyzed in detail, and main abnormal behaviors, caused by the control flow hijacking attack, of an application program are summarized;other operations do not need to be carried out before the target program runs, and the binary instrumentation technology is used for extracting program running information to carry out real-time attack detection; the detailed information of the attack is recorded for program vulnerability analysis; and the program operation is ended at the first time of determining the attack, thereby preventing further behavior of the attack. The invention provides a new solution for the detection of the control flow hijacking attack.

Description

technical field [0001] The invention relates to the technical field of vulnerability attack detection based on binary code flow, in particular to a vulnerability attack detection system under the Windows operating system. Background technique [0002] From the Morris worm in 1988 to the Wannacry ransomware in 2017, we can see the severe situation of cyberspace security. According to CNVD's 2017 statistics on the types of vulnerabilities included, application vulnerabilities accounted for as high as 59.2%, and the number of vulnerabilities is increasing year by year. Although major software manufacturers are constantly improving and perfecting software development quality management, the problem of software vulnerabilities cannot be completely eliminated. [0003] Application vulnerabilities can be exploited in a variety of ways, with control flow hijacking attacks being the most common. Control flow hijacking attacks allow an attacker to corrupt a program's control data, o...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/55G06F11/36
CPCG06F11/3636G06F11/366G06F21/55
Inventor 刘亮吴小王贾鹏
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products