Runtime Prevention of Deserialization Attacks
Francois Gauthier, Sora Bae

TL;DR
This paper introduces a lightweight runtime method using Markov chains to detect and prevent deserialization attacks, significantly improving security by distinguishing malicious payloads from benign ones.
Contribution
The paper proposes modelling the ordered sequence of classes in a serialised object graph as a Markov chain, so that deserialization attacks can be detected at runtime, before the object graph is materialised, against a vulnerability class prominent enough to appear in the 2017 OWASP Top 10.
Findings
Achieved an F1-score of 0.94 on a dataset of 264 payloads.
Effectively distinguishes malicious from benign serialized objects.
Demonstrates practical applicability in industrial Java EE environments.
Abstract
Untrusted deserialization exploits, where a serialised object graph is used to achieve denial-of-service or arbitrary code execution, have become so prominent that they were introduced in the 2017 OWASP Top 10. In this paper, we present a novel and lightweight approach for runtime prevention of deserialization attacks using Markov chains. The intuition behind our work is that the features and ordering of classes in malicious object graphs make them distinguishable from benign ones. Preliminary results indeed show that our approach achieves an F1-score of 0.94 on a dataset of 264 serialised payloads, collected from an industrial Java EE application server and a repository of deserialization exploits.
