Session

GLYPH: Efficient ML-based Detection of Heap Spraying Attacks

This talk explores a new application of ML for systems security: applying ML to runtime memory monitoring to detect ongoing memory exploitation attacks. In particular, we present Glyph: the first ML-based system for effective and efficient heap spraying detection. Glyph extends (and is built on top of) Graffiti, an OS-agnostic memory monitoring system originally published at USENIX Security 2016. We investigate and compare the effectiveness of different feature spaces based on information entropy and memory n-grams extracted from process memory, and discuss several engineering challenges we faced in making Glyph feasible for runtime detection. We also assess Glyph’s resilience against evasive heap spray variants, demonstrating that it achieves higher accuracy and lower runtime overhead than Nozzle, the (not ML-based) state of the art in heap spray detection. This work allows us to reason about the trade-offs between detection performance and runtime overhead when using ML to detect ongoing memory exploitation attacks.

Biography

Fabio Pierazzi is currently a Lecturer (Assistant Professor) in Computer Science at King’s College London, where he is also a member of the Cybersecurity (CYS) group and of the Systems Security Research Lab (S2Lab). His research expertise is in statistical methods for malware analysis and intrusion detection, with a particular emphasis on settings in which attackers adapt quickly to new defenses (high non-stationarity, adaptive attackers). Before joining King’s College London as a Lecturer in Sep 2019, he obtained his Ph.D. in Computer Science at the University of Modena, Italy (2014–2017), was a research visitor at the University of Maryland, College Park, USA (2016), and was a Post-Doctoral Researcher in the Systems Security Research Lab (S2Lab), first at Royal Holloway University of London and then at King’s College London (2017–2019). Home page: https://fabio.pierazzi.com

 
