Software Attack Detection Method by Validation of Flow Control Instruction`s Target Address

Myeong Ryeol Choi; Sang Seo Park; Jong Wook Park; Kyoon Ha Lee

Software Attack Detection Method by Validation of Flow Control Instruction`s Target Address

The KIPS Transactions:PartC, Vol. 13, No. 4, pp. 397-404, Aug. 2006

10.3745/KIPSTC.2006.13.4.397, PDF Download:

Abstract

Successful software attacks require both injecting malicious code into a program's address space and altering the program's flow control to the injected code. Code section can not be changed at program's runtime, so malicious code must be injected into data section. Detoured flow control into data section is a signal of software attack. We propose a new software attack detection method which verify the target address of CALL, JMP, RET instructions, which alter program's flow control, and detect a software attack when the address is not in code section. Proposed method can detect all change of flow control related data, not only program's return address but also function pointer, buffer of longjmp() function and old base pointer, so it can detect the more attacks.

Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.

Cite this article

[IEEE Style]

M. R. Choi, S. S. Park, J. W. Park, K. H. Lee, "Software Attack Detection Method by Validation of Flow Control Instruction`s Target Address," The KIPS Transactions:PartC, vol. 13, no. 4, pp. 397-404, 2006. DOI: 10.3745/KIPSTC.2006.13.4.397.

[ACM Style]

Myeong Ryeol Choi, Sang Seo Park, Jong Wook Park, and Kyoon Ha Lee. 2006. Software Attack Detection Method by Validation of Flow Control Instruction`s Target Address. The KIPS Transactions:PartC, 13, 4, (2006), 397-404. DOI: 10.3745/KIPSTC.2006.13.4.397.