Abstract

Recent exploit techniques are highly complex, and it is not easy for cybersecurity learners to understand the attack strategies quickly and clearly. For efficient and comprehensive learning, this paper proposes an attack-scheme visualization system that fulfills three requirements: attack progress visualization in real-time, memory and register-level description, and concise description of the attack schemes. This paper exemplifies two cases: stack buffer overflow and ROP attacks, and demonstrates how the system operates and how users can learn that existing defense technologies are effective or ineffective depending on the execution environments.

Highlights

  • Nowadays, new vulnerabilities in software and hardware are discovered every day, and new attack techniques that exploit vulnerabilities have been developed

  • One of them is return-oriented programming (ROP) [2], an exploit technique that allows attackers to achieve control-flow hijacking by executing machine instruction sequences called gadgets, which are already present in the machine's memory and end with a return instruction

  • Comprehensive learning: 1) The system should provide an environment in which exploit codes can run, and should visualize what the code is performing in real-time because learners can gain a lot of knowledge through modifying and executing the codes


Summary

INTRODUCTION

New vulnerabilities in software and hardware are discovered every day, and new attack techniques that exploit vulnerabilities have been developed. Advances in attack technologies are being highly accelerated by various bug bounty programs (HackerOne, iDefence, etc.) and a number of hacking competitions (Pwn2Own, Mobile Pwn2Own, DEFCON, etc.). Because of this arms race between attackers and defenders, highly sophisticated cyber-attack techniques, such as control-flow hijack attacks [1], have been developed. Comprehensive learning: 1) The system should provide an environment in which exploit codes can run (e.g., it should not be a simulator or emulator), and should visualize what the code is performing in real-time because learners can gain a lot of knowledge through modifying and executing the codes. That provide cyber ranges, virtual environments for cyberwarfare training and cyber technology development. These focus on teaching the best practice on how to respond to network cyber-crime rather than teaching how attack codes work.

RELATED WORK
SYSTEM CONFIGURATION
Stack Buffer Overflow
Return-Oriented Programming
FURTHER LEARNING
Findings
CONCLUSIONS AND FUTURE WORK