2020
DOI: 10.3233/jcs-191368
|View full text |Cite
|
Sign up to set email alerts
|

DeepReturn: A deep neural network can learn how to detect previously-unseen ROP payloads without using any heuristics

Abstract: Return-oriented programming (ROP) is a code reuse attack that chains short snippets of existing code to perform arbitrary operations on target machines. Existing detection methods against ROP exhibit unsatisfactory detection accuracy and/or have high runtime overhead. In this paper, we present DeepReturn, which innovatively combines address space layout guided disassembly and deep neural networks to detect ROP payloads. The disassembler treats application input data as code pointers and aims to find any potent… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
15
0

Year Published

2021
2021
2023
2023

Publication Types

Select...
2
1
1

Relationship

1
3

Authors

Journals

citations
Cited by 4 publications
(15 citation statements)
references
References 34 publications
0
15
0
Order By: Relevance
“…It is also observed that preparing the data is the most challenging part for applying deep learning to detect ROP attacks. [Li et al, 2020, Zhang et al, 2019b. For example, proposed a unique data representation for traces acquired from Intel PT, which is a 2-dimensional grid data structure that can be used to training neural networks; Zhang et al [2019b] proposed a specialized fine-grained CFG and a unique way to create malicious data.…”
Section: Deep Learning Based Rop Detection Methodsmentioning
confidence: 99%
See 4 more Smart Citations
“…It is also observed that preparing the data is the most challenging part for applying deep learning to detect ROP attacks. [Li et al, 2020, Zhang et al, 2019b. For example, proposed a unique data representation for traces acquired from Intel PT, which is a 2-dimensional grid data structure that can be used to training neural networks; Zhang et al [2019b] proposed a specialized fine-grained CFG and a unique way to create malicious data.…”
Section: Deep Learning Based Rop Detection Methodsmentioning
confidence: 99%
“…The flow diagram of the data preparation process is shown in Figure 2. The authors of DeepReturn, Li et al [2020] called the process of chaining up the instruction sequences Address Space Layout (ASL) guided disassembly. The detail of the ASL guided disassembly will be explained in Section 4.1.…”
Section: Domain Adaptationmentioning
confidence: 99%
See 3 more Smart Citations