Classification of return-oriented programming gadgets: a machine learning approach

Classification of return-oriented programming gadgets: a machine learning approach

연구 분야: Strategies

학회: Journal of Computer Virology and Hacking Techniques

Over the years, a popular method to hijack a process flow has been to use Return Oriented Programming gadgets. This method involves chaining together several pieces of code called gadgets to perform malicious actions. A vital part of these approaches is to identify and classify gadgets from the executable to screen the usable ones. To this end, researchers have developed various solutions that are commonly used during vulnerability analysis. However, they require a significant computation time that may limit their utilization. The aim of this paper is to investigate whether machine learning can aid to perform such gadget classifications to allow an analyst to exploit a vulnerability. With this objective, a labeled dataset of gadgets has been created through a time-consuming but high-accuracy symbolic analysis tool. Suitable data transformations and discrete-valued data encodings have been identified for machine learning methods to work effectively on this dataset. Finally, an empirical comparison of the classification models has been performed and it has been possible to identify the Random Forest classifier with the target encoding that produces an ROC-AUC over 0.98. The classifier has also been used to reduce the number of gadgets and significantly decrease the computation time of symbolic tools.