Á¤º¸°úÇÐȸ³í¹®Áö (Journal of KIISE)
Current Result Document :
| ÇѱÛÁ¦¸ñ(Korean Title) |
¸í·É¾î Ư¼º ¿ä¾àÀ» »ç¿ëÇÑ ½Å°æ¸Á ±â¹Ý ROP °ø°Ý ŽÁöÀÇ ¼º´É °³¼± |
| ¿µ¹®Á¦¸ñ(English Title) |
Performance Improvement of Neural Network-based Detection of ROP Attacks using Abstraction of Instruction Features |
| ÀúÀÚ(Author) |
ÀÌÇö±Ô
ǥâ¿ì
Hyungyu Lee
Changwoo Pyo
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 48 NO. 05 PP. 0493 ~ 0500 (2021. 05) |
Çѱ۳»¿ë
(Korean Abstract) |
±Íȯ ÁöÇâ ÇÁ·Î±×·¡¹Ö(Return-Oriented Programming (ROP))Àº ¸Þ¸ð¸®¿¡ ÀûÀçµÇ¾î ÀÖ´Â ÄÚµå Á¶°¢µéÀ» ±Íȯ ¸í·ÉÀ» »ç¿ëÇÏ¿© ¿øÇÏ´Â ¼ø¼´ë·Î ½ÇÇàÇÏ´Â ÇÁ·Î±×·¥ °ø°Ý ±â¹ýÀÌ´Ù. ÀÌ ³í¹®Àº ½Å°æ¸ÁÀ» »ç¿ëÇÏ¿© ROP °ø°ÝÀ» È¿À²ÀûÀ¸·Î ŽÁöÇÏ´Â ¹æ¹ýÀ» Á¦¾ÈÇÏ°í ÀÖ´Ù. ÀÌ ¹æ¹ýÀº ¸í·É¾î Ư¡À» ³ªÅ¸³»´Â ¿ä¾àÀ» »ç¿ëÇÏ¿© µ¥ÀÌÅÍÀÇ Å©±â¸¦ Ãà¼Ò½ÃÅ°°í, ±Íȯ ¸í·É ÀÌÈÄ¿¡ ½ÇÇàµÇ´Â 12°³ÀÇ ¸í·É¿¡ ´ëÇؼ¸¸ ½Å°æ¸ÁÀ» °¡µ¿ÇÑ´Ù. À¥ ¼¹ö¿Í ºê¶ó¿ìÀú, ±×¸®°í ÀÌµé ½ÇÇà¿¡ ÇÊ¿äÇÑ ¶óÀ̺귯¸®¸¦ »ç¿ëÇÑ ½ÇÇè¿¡¼ F1 Á¡¼ö 100À» À¯ÁöÇÏ´Â °¡¿îµ¥ DeepCheck°ú HeNetº¸´Ù °¢°¢ 9.6¹è, ±×¸®°í 1,403.1¹èÀÇ ¼Óµµ Çâ»óÀ» º¸¿´´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
Return-oriented programming (ROP) is a program attack technique that executes code snippets in memory following an attacker-intended order using return instructions. This paper proposes a method of detecting ROP attacks using neural networks. The method reduces the size of the data by using abstraction of instruction features relevant to ROP attacks rather than entire bits of instructions and activates the neural networks only for 12 instructions after a return instruction. Our experiments on a web server, browser, and the necessary libraries show speedups of 9.6 and 1,403.1over DeepCheck and HeNet with an F1 score of 100.
|
| Å°¿öµå(Keyword) |
ÇÁ·Î±×·¥ º¸¾È
±Íȯ ÁöÇâ ÇÁ·Î±×·¡¹Ö
½ÇÇà½Ã°£ ŽÁö
½Å°æ¸Á
program security
return-oriented programming
runtime detection
neural network
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
