{"title":"SPADA","authors":"F. B. Moreira, Daniel A. G. Oliveira, P. Navaux","doi":"10.1145/3310273.3321557","DOIUrl":null,"url":null,"abstract":"One of the main challenges in system security is the detection of vulnerability exploitation, especially valid control flow exploitation. The specificity of state-of-the-art methods, such as signature-based detection, becomes a limiting factor when detecting the latest exploits and attacks uncovered. We propose the detection of exploit executions by partitioning applications into phases, characterized by their Basic Block activity, and a phase behavior analysis. In contrast to previous works, our technique can detect exploits which use proper application control flows, such as Heartbleed. Moreover, our method identifies instances under attack using simple and statistically relevant phase features to profile control flow.","PeriodicalId":431860,"journal":{"name":"Proceedings of the 16th ACM International Conference on Computing Frontiers","volume":"448 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 16th ACM International Conference on Computing Frontiers","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3310273.3321557","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
One of the main challenges in system security is the detection of vulnerability exploitation, especially valid control flow exploitation. The specificity of state-of-the-art methods, such as signature-based detection, becomes a limiting factor when detecting the latest exploits and attacks uncovered. We propose the detection of exploit executions by partitioning applications into phases, characterized by their Basic Block activity, and a phase behavior analysis. In contrast to previous works, our technique can detect exploits which use proper application control flows, such as Heartbleed. Moreover, our method identifies instances under attack using simple and statistically relevant phase features to profile control flow.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
