Software Attack Detection Method by Validation of Flow Control Instruction`s Target Address 


Vol. 13,  No. 4, pp. 397-404, Aug.  2006
10.3745/KIPSTC.2006.13.4.397


PDF
  Abstract

Successful software attacks require both injecting malicious code into a program's address space and altering the program's flow control to the injected code. Code section can not be changed at program's runtime, so malicious code must be injected into data section. Detoured flow control into data section is a signal of software attack. We propose a new software attack detection method which verify the target address of CALL, JMP, RET instructions, which alter program's flow control, and detect a software attack when the address is not in code section. Proposed method can detect all change of flow control related data, not only program's return address but also function pointer, buffer of longjmp() function and old base pointer, so it can detect the more attacks.

  Statistics
  Cite this article

[IEEE Style]

M. R. Choi, S. S. Park, J. W. Park, K. H. Lee, "Software Attack Detection Method by Validation of Flow Control Instruction`s Target Address," The KIPS Transactions:PartC, vol. 13, no. 4, pp. 397-404, 2006. DOI: 10.3745/KIPSTC.2006.13.4.397.

[ACM Style]

Myeong Ryeol Choi, Sang Seo Park, Jong Wook Park, and Kyoon Ha Lee. 2006. Software Attack Detection Method by Validation of Flow Control Instruction`s Target Address. The KIPS Transactions:PartC, 13, 4, (2006), 397-404. DOI: 10.3745/KIPSTC.2006.13.4.397.

Forms

Search
(IN TITLE, AUTHOR, ABSTRACT,KEYWORDS)

Advanced Search

POPULAR KEYWORDS
(TOP 10 KEYWORDS)

Recent Publications
(LAST 3 YEARS)

Old Journals

Indexing

All publications of TKIPS is indexed in DOI, EBSCO, Google Scholar, Crossref, and CrossCheck.

TKIPS is also selected as the Journal for Accreditation by NRF (National Research Foundation of Korea).

Related Journals