Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

A control flow hijacking attack detection method and system based on dynamic analysis

A technology for attack detection and control flow, applied in error detection/correction, software testing/debugging, instrumentation, etc., can solve problems such as low efficiency, low precision, and difficult deployment

Active Publication Date: 2022-02-11
SICHUAN UNIV
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although the traditional control flow integrity policy CFI can effectively defend against control flow hijacking attacks, it is difficult to deploy in the actual environment
There are two main reasons for this: First, the construction of CFG is difficult. The complete CFG construction needs to rely on the source code of the program, which is even more difficult to implement for complex programs.
Second, it is necessary to check every indirect control transfer in the program, fine-grained detection will cause very large overhead
Dynamic stain analysis technology has problems such as over-pollution and under-pollution in actual detection, so the efficiency is low and the accuracy is not high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A control flow hijacking attack detection method and system based on dynamic analysis
  • A control flow hijacking attack detection method and system based on dynamic analysis
  • A control flow hijacking attack detection method and system based on dynamic analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0014] In the present invention, it is used to detect control flow hijacking attacks, and the present invention will be further described below in conjunction with the accompanying drawings. The present invention aims to provide a control flow hijacking attack system based on dynamic analysis, which can detect control flow hijacking attacks simply and efficiently, and can be easily deployed in the actual application environment to defend against control flow hijacking attacks in the actual application environment .

[0015] figure 1 It is an architecture diagram describing the composition of the system of the present invention.

[0016] Such as figure 1 As shown, the core of the detection system is the management terminal, which integrates other modules so that the functions of the entire system are harmoniously connected. At the same time, a user interaction interface is provided through which the user can start the target program and input the detected samples or data. , ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the technical field of vulnerability attack detection based on binary code flow, in particular to a vulnerability attack detection system under the Windows operating system. This technology uses dynamic binary instrumentation technology to monitor the program at runtime. The specific content includes: detailed analysis of the implementation principle and specific process of the control flow hijacking attack, and summarizing the main abnormal behavior of the application program caused by the control flow hijacking attack; Perform other operations before running the target program, use binary instrumentation technology to extract program runtime information for real-time attack detection; record detailed attack information for program vulnerability analysis; terminate program execution as soon as the attack is determined, and prevent further attacks . The invention provides a new solution for the control flow hijacking attack detection.

Description

technical field [0001] The invention relates to the technical field of vulnerability attack detection based on binary code flow, in particular to a vulnerability attack detection system under the Windows operating system. Background technique [0002] From the Morris worm in 1988 to the Wannacry ransomware in 2017, we can see the severe situation of cyberspace security. According to CNVD's 2017 statistics on the types of vulnerabilities included, application vulnerabilities accounted for as high as 59.2%, and the number of vulnerabilities is increasing year by year. Although major software manufacturers are constantly improving and perfecting software development quality management, the problem of software vulnerabilities cannot be completely eliminated. [0003] Application vulnerabilities can be exploited in a variety of ways, with control flow hijacking attacks being the most common. Control flow hijacking attacks allow an attacker to corrupt a program's control data, o...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/55G06F11/36
CPCG06F11/3636G06F11/366G06F21/55
Inventor 刘亮吴小王贾鹏
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products