Centrala begrepp
The author introduces RAGE, a novel CFA approach for embedded devices, addressing limitations of existing schemes by leveraging Graph Neural Networks to detect Code Reuse Attacks efficiently.
Sammanfattning
The paper introduces RAGE, a lightweight CFA approach for embedded devices that overcomes limitations of existing schemes. By utilizing Unsupervised Graph Neural Networks, RAGE can efficiently detect Code Reuse Attacks and achieve high accuracy in detecting real-world and synthetic attacks on embedded software.
Existing Control-Flow Attestation (CFA) schemes face challenges due to impractical assumptions and high computational overhead. The introduction of RAGE aims to address these limitations by providing a novel approach with minimal requirements. By leveraging the correspondence between execution trace, graph, and embeddings, RAGE eliminates the need for a complete Control-Flow Graph (CFG).
RAGE is evaluated on various benchmarks and real-world attacks, showcasing its effectiveness in detecting malicious activities while maintaining low False Positive Rates. The paper also discusses the training process using Variational Graph Autoencoders (VGAEs) and the importance of feature extraction in preparing data for machine learning.
Overall, RAGE presents a promising solution for efficient control-flow attestation in embedded devices by introducing a novel approach that leverages Graph Neural Networks to detect code reuse attacks effectively.
Statistik
"RAGE can detect Code Reuse Attacks (CRA), achieving 98.03% F1-Score for ROP attacks."
"RAGE achieves 97.49% F1-Score for DOP attack detection on OpenSSL."
"RAGE maintains a low False Positive Rate of 3.19%."