
Exploring ROP in x86 Architectures with Neural Networks & SVM

Understand Return-Oriented Programming (ROP) techniques in x86 systems, ROP payload generation, and neural network concepts. Discover SVM applications and kernel functions in machine learning.

sashley


Presentation Transcript


  1. Capstone Project CBER 710

  2. Return Oriented Programming • ROP is a technique in which an attacker uses existing code so that the program behaves the way the attacker wants. • A ROP chain strings together instruction sequences already present in the program’s address space, each of which ends in RET, to form the intended attack.

  3. Machine Learning

  4. Motivation

  5. Project Scope

  6. The ROP Process in x86 system

  7. The Processor Architectures • We present the Intel family’s x86, or 32-bit, system.

  8. The x86 Architecture

  9. Principles of ROP

  10. Return-Oriented Exploitation • ROP exploitation works by making the program behave the way the attacker wants. • For this to work, the gadgets must be placed correctly in memory.

  11. ROP Payload • In this project, we will be generating the ROP payload using the ROP generator. • For this experiment we are considering “ROPgadget - Gadgets finder and auto-roper”. • This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation.

  12. ROPgadget Tool • This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. • ROPgadget supports ELF/PE/Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.

  13. Neural Networks • Artificial neural networks, also called connectionist systems, are computing systems inspired by biological neural networks. • In other words, a computer system that is modeled on the human brain and nervous system. • Sometimes they are even modeled on an animal brain. • It is designed for problem solving, processing information the way a biological nervous system does. • It consists of interconnected processing neurons, which are fed the input and work in unison to solve a specific problem.

  14. Neural networks process information in a way similar to how brains do. • They cannot be instructed to follow a set of commands. • Rather, they are fed examples to learn from, which need to be chosen carefully so that the network is not fed wrong information that changes the desired output.

  15. Feed Forward: Also known as an Artificial Neuron, this is the simplest type of neural network. • Input is fed in, processed, and exits as output. • Data travels in only one direction.

  16. Radial Basis Function: Input neurons are placed with respect to the center. It has two layers. • The first layer, the inner layer, combines the features with the radial basis function. • The output of this combination of features is then used to compute the output of the set.

  17. Kohonen Self-Organizing: • A Kohonen map aims to map input vectors of arbitrary dimension onto a discrete map filled with neurons. • The map itself can be one- or two-dimensional. • It uses an unsupervised learning approach for its training.

  18. Recurrent Neural Network: As the name suggests, this works by taking the first output of the set and making it the input for the second layer. • This helps in predicting the cumulative output of all the layers. • This input method is also known as the front propagation system. • The first layer input is similar to that of the Feed Forward Neural Network.

  19. Convolutional Neural Network: Most widely used in image processing. • Requires bare minimum preprocessing. • Input here also works on the front propagation system. • Also widely used in weather forecasts and predicting agricultural growth.

  20. Modular Neural Network: A series of independent artificial neural networks combined together by a single intermediary. • Each node is an individual module. • Operates on separate input to accomplish a subtask of something larger, a main task.

  21. SVM • Support Vector Machine (SVM) is a robust classification and regression technique that maximizes the predictive accuracy of a model without overfitting the training data.

  22. SVM applications in many disciplines • Customer relationship management (CRM) • Facial and other image recognition • Bioinformatics • Intrusion detection • Voice and speech recognition • Text mining concept extraction

  23. How SVM works?

  24. Hyperplane

  25. Hyperplane

  26. Kernel Function • The mathematical function used for the transformation is known as the kernel function. • Kernel functions are used to map the original dataset. Types: • Linear • Polynomial • Radial basis function (RBF) • Sigmoid

  27. Kernel Rule • Define kernel or a window function as follows:

  28. Linear and Polynomial Kernels • It is popular in image processing. • Less time consuming and provides less accuracy.

  29. Gaussian Radial Basis Function (RBF) • It is a general-purpose kernel, used when there is no prior knowledge about the data. • More time consuming and provides better accuracy.

  30. ROPgadget

  31. ROPgadget Installation
      $ git clone -b master http://github.com/JonathanSalwan/ROPgadget.git
      $ cd ROPgadget
      $ cd ./dependencies/capstone-next
      $ ./make.sh
      $ sudo ./make.sh install
      $ cd ./bindings/python
      $ make
      $ sudo make install

  32. ROPgadget

  33. Some ROP Gadgets

  34. Some ROP Gadgets

  35. Some ROP Gadgets

  36. ROPChain

  37. Discussion • To conclude the discussion above, we would say machine learning is the most appropriate technique for detecting ROP attacks. • As we know, ROP is a very granular-level attack and it is very difficult to detect. • We have found that more than 14071 ROP attack-type chains have been discovered in the x86 system. If we are able to build a data set from these ROP chain snippets and train our SVM, we would be able to detect a ROP attack.

  38. Conclusion • In conclusion, we can confidently say that if the dataset is constructed with the output generated by ROPgadget.py, we will be able to detect a ROP attack. • More importantly, nowadays various IoT devices “High-density compute nodes feature a heterogeneous CPU architecture”. • A further and broader study is required to protect all the processor types apart from traditional and most widely used processors.

  39. Thank you!
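
The detection idea from slides 29 and 37 (an RBF-kernel SVM trained on ROP chain snippets), as an added example that is not part of the original presentation. Assumptions: the text address range, the two per-buffer features and the training buffers are constructed for illustration, and a kernelized Pegasos solver stands in for an SVM library so the block runs with the standard library only.

```python
import math
import struct
# Assumed (hypothetical) executable text range of a 32-bit x86 process image.
TEXT_START, TEXT_END = 0x08048000, 0x08100000

def pack(*words):
    return struct.pack("<%dI" % len(words), *words)

def features(buf):
    """(share of 32-bit words pointing into text, longest run of such words / word count)."""
    n = len(buf) // 4
    hits = [TEXT_START <= w < TEXT_END for w in struct.unpack("<%dI" % n, buf[:n * 4])]
    longest = run = 0
    for h in hits:
        run = run + 1 if h else 0
        longest = max(longest, run)
    return (sum(hits) / max(n, 1), longest / max(n, 1))

def rbf(a, b, gamma=5.0):  # Gaussian RBF kernel exp(-gamma * ||a - b||^2)
    return math.exp(-gamma * sum((x - y) ** 2 for x, y in zip(a, b)))

def train(X, y, lam=0.1, epochs=20):
    """Kernelized Pegasos (sub-gradient SVM solver), visiting samples in fixed order."""
    alpha, t = [0] * len(X), 0
    for _ in range(epochs):
        for i in range(len(X)):
            t += 1
            s = sum(alpha[j] * y[j] * rbf(X[j], X[i]) for j in range(len(X)))
            if y[i] * s / (lam * t) < 1:  # hinge-loss margin violated
                alpha[i] += 1
    return alpha

# Constructed training buffers; the addresses are arbitrary values, not real gadgets.
SAMPLES = [
    (pack(0x08049a10, 0x0804b3c4, 0x41414141, 0x0805c110,
          0x0804a2f0, 0x00000000, 0x08051234, 0x0806aa00), 1),
    (pack(0x08049000, 0x08049004, 0x08049008, 0x0804900c), 1),
    (pack(0x0804aaaa, 0x0804bbbb, 0x0804cccc, 0xdeadbeef), 1),
    (b"GET /index.html HTTP/1.1\r\nHost: a\r\n\r\n", -1),
    (pack(1, 2, 3, 4, 0x08048123, 5, 6, 7), -1),
    (pack(0x7ffe1000, 0x7ffe1010, 0, 0x10), -1),
]
X, Y = [features(b) for b, _ in SAMPLES], [label for _, label in SAMPLES]
ALPHA = train(X, Y)

def classify(buf):
    """+1 = chain-like, -1 = benign, under the toy model trained above."""
    x = features(buf)
    return 1 if sum(a * yj * rbf(xj, x) for a, yj, xj in zip(ALPHA, Y, X)) > 0 else -1
```

Under these two features a legitimate table of code pointers (a vtable or GOT dump, for instance) looks the same as a chain, so a real data set needs such buffers among its benign samples.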
