Survey of software anomaly detection based on deception
Advanced persistent threats (APT) use vulnerabilities to automatically load attack code and hide attack behavior, and exploit code reuse to bypass non-executable stack and heap protection, which makes them a major threat to network security. Traditional control flow integrity and address spa...
Main Authors: | Jianming FU, Chang LIU, Mengfei XIE, Chenke LUO |
---|---|
Format: | Article |
Language: | English |
Published: | POSTS&TELECOM PRESS Co., LTD, 2022-02-01 |
Series: | 网络与信息安全学报 |
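Subjects: | advanced persistent threat; code reuse attack; control flow integrity; address randomization; deception defense |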
Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2022003 |
_version_ | 1841529806272856064 |
---|---|
author | Jianming FU, Chang LIU, Mengfei XIE, Chenke LUO |
collection | DOAJ |
description | Advanced persistent threats (APT) use vulnerabilities to automatically load attack code and hide attack behavior, and exploit code reuse to bypass non-executable stack and heap protection, which makes them a major threat to network security. Traditional control flow integrity and address space randomization technologies have effectively slowed the pace of APT. However, the complexity of software and the evolution of attacks leave software vulnerable. For this reason, deception defense that uses resources as bait is an indispensable supplement for network security. The trapping mechanism consists of bait design and attack detection, and infers possible unauthorized access or malicious attacks by sensing interaction with the bait. For the three types of bait (file, data and code), automatic bait construction schemes are designed and deployed, and the effectiveness of bait is measured in terms of believability, detectability, enticement, etc. Ransomware detection based on deception defense focuses on the deployment location of bait files, and in the area of vulnerability detection, code reuse attacks are detected by injecting bait code. Research work related to the implementation of deception defense in each phase of APT attacks was introduced, and the mechanism of deception defense was described in terms of bait type, bait generation, bait deployment, and bait measurement. Deception defense applications in ransomware detection, vulnerability detection, and Web security were also analyzed. In response to the shortcomings of existing ransomware detection research in bait file design and deployment, a dynamic bait update method for ransomware detection was proposed. The challenges of deception defense were discussed, in the hope that deception defense can provide theoretical and technical support for discovering unknown attacks and for attack attribution. |
format | Article |
id | doaj-art-8d5b6cc91eb346e3aa80550ecc32149b |
institution | Kabale University |
issn | 2096-109X |
language | English |
publishDate | 2022-02-01 |
publisher | POSTS&TELECOM PRESS Co., LTD |
record_format | Article |
series | 网络与信息安全学报 |
title | Survey of software anomaly detection based on deception |
topic | advanced persistent threat; code reuse attack; control flow integrity; address randomization; deception defense |
url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2022003 |