Go to DBLP homepageDeep Neural Networks Study for Advanced Code-reuse Attacks Detection
Abstract: The RISC-V architecture is becoming increasingly common in embedded systems, including industrial controllers and autonomous vehicles, where security is a critical concern. These systems require protection against cyberattacks that can compromise program flow and trigger malicious behavior. Recent approaches to applying Control Flow Integrity (CFI) in RISC-V systems involve either modifying the instruction set architecture or implementing custom hardware IP. Although effective against many Code Reuse Attacks (CRAs), these countermeasures often depend on specialized toolchains, custom binaries, or dedicated CFI hardware. Deep Learning (DL)-based techniques, on the other hand, can learn complex, high-dimensional signatures of code reuse, and they can incorporate features from any instruction stream or microarchitectural trace. In this work, we propose and evaluate several Deep Neural Network (DNN) architectures for detecting CRAs. Specifically, we propose a framework for dataset creation and supervised and semi-supervised training of DNNs. These DNNs integrate state-of-the-art embedding mechanisms along with recurrent, and attention layers, allowing us to evaluate their performance in recognizing valid execution paths within benchmark programs. Execution traces were extracted using QEMU on RISC-V architectures and using the Intel Processor Trace (IPT) on Intel x86_64 architectures. Our results show that a simple RNN based on GRU layers is sufficient to achieve 99% accuracy in Intel x86_64 and 96% accuracy in RISC-V.
External IDs:dblp:conf/rtsi/OliveiraMPBA25
Loading