基于动态分析的控制流劫持攻击检测

控制流完整性策略能够有效地防御控制流劫持类攻击,但复杂的控制流图构建使该策略的实际部署非常困难.为了有效地针对控制流劫持攻击的检测手段,提出一种基于程序异常行为来检测控制流劫持攻击的方法,并基于该方法实现了控制流劫持攻击检测系统.实验表明,该方法能够有效地检测出由控制流劫持攻击造成的各种程序异常行为,基于该方法的攻击检测系统运行效果良好,能够方便的部署到实际应用环境中.

Control flow hijacking attack detection based on dynamic analysis

The control flow integrity (CFI) strategy can effectively defend against control flow hijacking attacks, but the complex control flow graph construction makes the actual deployment of this strategy very difficult. In order to realize a practical detection method against control flow hijacking attacks, a method based on identifying abnormal program behaviors is proposed to detect control flow hijacking attacks, and a control flow hijacking attack detection system is implemented based on this method. Experiments show that this method can effectively detect various abnormal program behaviors caused by control flow hijacking attacks. The attack detection system works well and can be easily deployed in the actual application environment.