Understand Return-Oriented Programming (ROP) techniques in x86 systems, ROP payload generation, and neural network concepts. Discover SVM applications and kernel functions in machine learning.
Return Oriented Programming
• ROP is a technique in which an attacker uses existing code in such a way that the program behaves the way the attacker wants.
• A ROP chain strings together instruction sequences already present in the program's address space, each of which ends in RET, to form the intended attack.
The Processor Architectures
• We focus on the Intel family's x86, or 32-bit, systems.
Return-Oriented Exploitation
• ROP exploitation works by making the program behave the way the attacker wants.
• For this to work, the gadgets must be placed in memory properly so that the exploit executes.
ROP Payload
• In this project, we will generate the ROP payload using a ROP generator.
• For this experiment we are considering “ROPgadget - Gadgets finder and auto-roper”.
ROPgadget Tool
• This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation.
• ROPgadget supports ELF/PE/Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.
Neural Networks
• Artificial neural networks, also called connectionist systems, are computing systems inspired by biological neural networks.
• In other words, a computer system that is modeled on the human brain and nervous system.
• Sometimes they are even structured like an animal brain.
• They are designed for problem solving, processing information the way a biological nervous system does.
• They consist of interconnected processing neurons, which are fed the input and work in unison to solve a specific problem.
Neural networks process information in a way similar to how brains do.
• They cannot be instructed to follow a set of commands.
• Rather, they are fed examples to learn from, which need to be chosen carefully so that the network is not fed wrong information that affects or changes the desired output.
Feed Forward: Also known as an artificial neuron, this is the simplest type of neural network.
• Input is fed in, processed, and exits as output.
• Data travels in only one direction.
Radial Basis Function: Input neurons are placed with respect to the center. It has two layers.
• The first layer combines the features of the radial basis function. It is the inner layer.
• The output of combining these features is taken and used for computing the output of the set.
Kohonen Self-Organizing:
• A Kohonen map has the objective of mapping input vectors of arbitrary dimension onto a discrete map filled with neurons.
• The map itself can be one- or two-dimensional.
• It uses an unsupervised learning approach for its training.
Recurrent Neural Network: As the name suggests, this works by taking the first output of the set and making it the input for the second layer.
• This helps in predicting the cumulative output of all the layers.
• This input method is also known as the front propagation system.
• The first-layer input is similar to that of the Feed Forward Neural Network.
Convolutional Neural Network: Most widely used in image processing.
• Requires the bare minimum of preprocessing.
• Input here also works on the front propagation system.
• Also widely used in weather forecasting and in predicting agricultural growth.
Modular Neural Network: A series of independent artificial neural networks combined by a single intermediary.
• Each node is an individual module.
• Each operates on separate input to accomplish a subtask of a larger main task.
SVM
• Support Vector Machine (SVM) is a robust classification and regression technique that maximizes the predictive accuracy of a model without overfitting the training data.
SVM applications in many disciplines
• Customer relationship management (CRM)
• Facial and other image recognition
• Bioinformatics
• Intrusion detection
• Voice and speech recognition
• Text mining concept extraction
Kernel Function
• The mathematical function used for the transformation is known as the kernel function.
• Kernel functions are used to map the original dataset.
Types:
• Linear
• Polynomial
• Radial basis function (RBF)
• Sigmoid
Kernel Rule
• Define kernel or a window function as follows:
Linear and Polynomial Kernels
• They are popular in image processing.
• They are less time-consuming and provide less accuracy.
Gaussian Radial Basis Function (RBF)
• It is a general-purpose kernel, used when there is no prior knowledge about the data.
• It is more time-consuming and provides better accuracy.
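The four kernel types listed above, and the accuracy difference between the linear and RBF kernels, shown as an added example that is not part of the original slides. It uses a kernel perceptron as a simpler stand-in for SVM training so that only the standard library is needed; the parameter values (gamma, degree, alpha, coef0) and the four XOR-layout sample points are assumptions constructed for the illustration.

```python
import math

# The four kernel types from the slide. gamma, degree, alpha and coef0
# are assumed parameter values chosen for this example.
def linear(x, y):
    return sum(a * b for a, b in zip(x, y))

def polynomial(x, y, degree=2, coef0=1.0):
    return (linear(x, y) + coef0) ** degree

def rbf(x, y, gamma=2.0):
    return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(x, y)))

def sigmoid(x, y, alpha=0.5, coef0=0.0):
    return math.tanh(alpha * linear(x, y) + coef0)

def train(X, y, kernel, epochs=50):
    """Kernel perceptron: alpha[i] counts the mistakes made on sample i."""
    n = len(X)
    gram = [[kernel(X[i], X[j]) for j in range(n)] for i in range(n)]
    alpha = [0] * n
    for _ in range(epochs):
        mistakes = 0
        for i in range(n):
            score = sum(alpha[j] * y[j] * gram[j][i] for j in range(n))
            if y[i] * score <= 0:      # wrong side (or on the boundary)
                alpha[i] += 1
                mistakes += 1
        if mistakes == 0:              # every training point classified
            break
    return alpha

def predict(X, y, alpha, kernel, x):
    score = sum(a * t * kernel(s, x) for a, t, s in zip(alpha, y, X))
    return 1 if score > 0 else -1

def accuracy(X, y, kernel):
    alpha = train(X, y, kernel)
    hits = sum(predict(X, y, alpha, kernel, x) == t for x, t in zip(X, y))
    return hits / len(X)

# Constructed toy data (XOR layout): label +1 when exactly one feature is set.
X = [(0, 0), (0, 1), (1, 0), (1, 1)]
Y = [-1, 1, 1, -1]

if __name__ == "__main__":
    for k in (linear, polynomial, rbf, sigmoid):
        print(f"{k.__name__:<10} training accuracy = {accuracy(X, Y, k):.2f}")
```

No straight line through the origin separates this layout, so the linear kernel cannot fit all four points, while the RBF kernel does.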
ROPgadget Installation
$ git clone -b master https://github.com/JonathanSalwan/ROPgadget.git
$ cd ROPgadget
$ cd ./dependencies/capstone-next
$ ./make.sh
$ sudo ./make.sh install
$ cd ./bindings/python
$ make
$ sudo make install
Discussion
• To conclude the discussion above, we would say machine learning is the most appropriate technique for detecting ROP attacks.
• As we know, ROP is a very granular attack and is very difficult to detect.
• We have found that more than 14071 ROP attack-type chains have been discovered on x86 systems. If we are able to build a data set from these ROP chain snippets and train our SVM on it, we would be able to detect a ROP attack.
Conclusion
• In conclusion, we can confidently state that if the dataset is constructed from what ROPgadget.py generates, we will be able to detect a ROP attack.
• More importantly, nowadays there are various IoT devices: “High-density compute nodes feature a heterogeneous CPU architecture”.
• A further and broader study is required to protect all processor types beyond the traditional and most widely used processors.