DOI: 10.1145/3548608.3559263
research-article

Software Control Flow Anomaly Detection Technology Based On Neural Network

Published: 14 October 2022

Abstract

This paper presents a control flow anomaly detection model that applies a neural network to control flow anomaly detection and performs feature extraction and behavior modeling of control flow. At present, there is little research on neural-network-based control flow anomaly detection, and no in-depth research on feature extraction from the data. We studied the characteristics of control flow, used Intel Processor Trace to extract and process control flow, and designed two basic block vectorization methods, one based on time series features and one based on structural features. These vectorization methods eliminate the manual feature engineering effort. The anomaly detection model uses a bidirectional LSTM combined with the idea of a classification plane. We evaluate the model on the Adobe Reader software. Experimental results show that the model achieves a 98.74% recall rate and a 0.44% false positive rate for control flow anomaly detection of Adobe Reader in an offline environment, effectively detects the exploit, and successfully distinguishes between benign and malicious control flow.



Published In

ICCIR '22: Proceedings of the 2022 2nd International Conference on Control and Intelligent Robotics
June 2022
905 pages
ISBN:9781450397179
DOI:10.1145/3548608

Publisher

Association for Computing Machinery

New York, NY, United States


Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ICCIR 2022

Acceptance Rates

Overall Acceptance Rate 131 of 239 submissions, 55%


Article Metrics

  • Total Citations: 0
  • Total Downloads: 65
  • Downloads (Last 12 months): 21
  • Downloads (Last 6 weeks): 0

Reflects downloads up to 25 Dec 2024