Abstract
Recent exploit techniques are highly complex, and it is not easy for cybersecurity learners to understand the attack strategies quickly and clearly. For efficient and comprehensive learning, this paper proposes an attack-scheme visualization system that fulfills three requirements: attack progress visualization in real time, memory- and register-level description, and concise description of the attack schemes. This paper exemplifies two cases, stack buffer overflow and ROP attacks, and demonstrates how the system operates and how users can learn whether existing defense technologies are effective or ineffective depending on the execution environment.
Highlights
Nowadays, new vulnerabilities in software and hardware are discovered every day, and new attack techniques that exploit vulnerabilities have been developed.
One of them is return-oriented programming (ROP) [2], an exploit technique that allows attackers to achieve control-flow hijacking by executing machine instruction sequences called gadgets, which are already present in the machine's memory and each end with a return instruction.
Comprehensive learning: 1) The system should provide an environment in which exploit codes can run, and should visualize what the code is performing in real time, because learners can gain a lot of knowledge through modifying and executing the codes.
Summary
New vulnerabilities in software and hardware are discovered every day, and new attack techniques that exploit vulnerabilities have been developed. Advances in attack technologies are being highly accelerated by various bug bounty programs (HackerOne, iDefense, etc.) and a number of hacking competitions (Pwn2Own, Mobile Pwn2Own, DEFCON, etc.). Because of this arms race between attackers and defenders, highly sophisticated cyber-attack techniques, such as control-flow hijack attacks [1], have been developed. Comprehensive learning: 1) The system should provide an environment in which exploit codes can run (e.g., it should not be a simulator or emulator), and should visualize what the code is performing in real time, because learners can gain a lot of knowledge through modifying and executing the codes. That provide cyber ranges, virtual environments for cyberwarfare training and cyber technology development. These focus on teaching the best practice on how to respond to network cyber-crime rather than teaching how attack codes work.