IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v23y2021i2d10.1007_s10796-020-10014-7.html
   My bibliography  Save this article

HoneyGadget: A Deception Based Approach for Detecting Code Reuse Attacks

Author

Listed:
  • Xin Huang

    (Wuhan University)

  • Fei Yan

    (Wuhan University)

  • Liqiang Zhang

    (Wuhan University)

  • Kai Wang

    (Wuhan University)

Abstract

Code reuse attacks such as Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP) are the prevalent attack techniques which reuse code snippets named gadget in vulnerable applications and hijack control flow to achieve malicious behaviors. Existing defense techniques for code reuse attacks attempt to prevent illegal control flow transition or make locating gadgets a hard work. However, decades of the arms race proved the ability to detect and prevent advanced attacks is still outdated. In this paper, we propose HoneyGadget, a deception based approach for detecting code reuse attacks. HoneyGadget works by inserting honey gadgets into the application as decoys and keep track of their addresses once the application is loaded. During the execution phase, HoneyGadget traces the execution records using Last Branch Record (LBR), compares the LBR records with the maintained address list, and alarms code reuse attacks if some records match. HoneyGadget not only prevents code reuse attacks, but also provides LBR records for researchers to analyze patterns of these attacks. We have developed a fully functioning prototype of HoneyGadget. Our evaluation results show that HoneyGadget can capture code reuse attacks effectively and only incurs a modest performance overhead.

Suggested Citation

  • Xin Huang & Fei Yan & Liqiang Zhang & Kai Wang, 2021. "HoneyGadget: A Deception Based Approach for Detecting Code Reuse Attacks," Information Systems Frontiers, Springer, vol. 23(2), pages 269-283, April.
  • Handle: RePEc:spr:infosf:v:23:y:2021:i:2:d:10.1007_s10796-020-10014-7
    DOI: 10.1007/s10796-020-10014-7
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-020-10014-7
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.

    File URL: https://libkey.io/10.1007/s10796-020-10014-7?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Robert E. Crossler & France Bélanger & Dustin Ormond, 2019. "The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats," Information Systems Frontiers, Springer, vol. 21(2), pages 343-357, April.
    2. Arun Vishwanath, 2015. "Diffusion of deception in social media: Social contagion effects and its antecedents," Information Systems Frontiers, Springer, vol. 17(6), pages 1353-1367, December.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Shouhuai Xu & Moti Yung & Jingguo Wang, 2021. "Seeking Foundations for the Science of Cyber Security," Information Systems Frontiers, Springer, vol. 23(2), pages 263-267, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kjell Hausken & Jonathan W. Welburn, 2021. "Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits," Information Systems Frontiers, Springer, vol. 23(6), pages 1609-1620, December.
    2. Sarraf, Shagun & Kushwaha, Amit Kumar & Kar, Arpan Kumar & Dwivedi, Yogesh K. & Giannakis, Mihalis, 2024. "How did online misinformation impact stockouts in the e-commerce supply chain during COVID-19 – A mixed methods study," International Journal of Production Economics, Elsevier, vol. 267(C).
    3. Paul M. Gangi & Allen C. Johnston & James L. Worrell & Samuel C. Thompson, 0. "What could possibly go wrong? A multi-panel Delphi study of organizational social media risk," Information Systems Frontiers, Springer, vol. 0, pages 1-20.
    4. Xiaohui Zhang & Qianzhou Du & Zhongju Zhang, 2022. "A theory‐driven machine learning system for financial disinformation detection," Production and Operations Management, Production and Operations Management Society, vol. 31(8), pages 3160-3179, August.
    5. Sheshadri Chatterjee & Ranjan Chaudhuri & Demetris Vrontis, 2023. "Role of fake news and misinformation in supply chain disruption: impact of technology competency as moderator," Annals of Operations Research, Springer, vol. 327(2), pages 659-682, August.
    6. Jeffrey D. Wall & Prashant Palvia & John D’Arcy, 2022. "Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios," Information Systems Frontiers, Springer, vol. 24(2), pages 637-658, April.
    7. Konstantina Spanaki & Thanos Papadopoulos & Uchitha Jayawickrama & Femi Olan & Shaofeng Liu, 2023. "Editorial: fake news, misinformation, and supply chain disruptions: the role of emerging technologies," Annals of Operations Research, Springer, vol. 327(2), pages 601-604, August.
    8. Obi M. Ogbanufe & Corey Baham, 2023. "Using Multi-Factor Authentication for Online Account Security: Examining the Influence of Anticipated Regret," Information Systems Frontiers, Springer, vol. 25(2), pages 897-916, April.
    9. Isaac Owusu Asante & Jiaming Fang & Dennis Fiifi Darko & Hossin M. D. Altab, 2021. "Examining the Antecedents of User Donation Intentions Toward Social Media Articles: Moderation Effects of Social Contagion," SAGE Open, , vol. 11(1), pages 21582440211, March.
    10. Konstantina Spanaki & Thanos Papadopoulos & Uchitha Jayawickrama & Femi Olan & Shaofeng Liu, 2023. "Editorial: fake news, misinformation, and supply chain disruptions: the role of emerging technologies," Post-Print hal-04158399, HAL.
    11. Xin Huang & Fei Yan & Liqiang Zhang & Kai Wang, 0. "HoneyGadget: A Deception Based Approach for Detecting Code Reuse Attacks," Information Systems Frontiers, Springer, vol. 0, pages 1-15.
    12. Nan Jing & Zhao Wu & Shanshan Lyu & Vijayan Sugumaran, 2021. "Information credibility evaluation in online professional social network using tree augmented naïve Bayes classifier," Electronic Commerce Research, Springer, vol. 21(2), pages 645-669, June.
    13. Kawaljeet Kaur Kapoor & Kuttimani Tamilmani & Nripendra P. Rana & Pushp Patil & Yogesh K. Dwivedi & Sridhar Nerur, 2018. "Advances in Social Media Research: Past, Present and Future," Information Systems Frontiers, Springer, vol. 20(3), pages 531-558, June.
    14. Paul M. Gangi & Allen C. Johnston & James L. Worrell & Samuel C. Thompson, 2018. "What could possibly go wrong? A multi-panel Delphi study of organizational social media risk," Information Systems Frontiers, Springer, vol. 20(5), pages 1097-1116, October.
    15. Reema Aswani & Arpan Kumar Kar & P. Vigneswara Ilavarasan, 2018. "Detection of Spammers in Twitter marketing: A Hybrid Approach Using Social Media Analytics and Bio Inspired Computing," Information Systems Frontiers, Springer, vol. 20(3), pages 515-530, June.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:23:y:2021:i:2:d:10.1007_s10796-020-10014-7. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.