摘要

Control flow integrity (CFI) is an effective method to defend against return-oriented programming (ROP) attack. To address the four drawbacks of current CFI approaches, i.e., high performance overhead, relying on software code information, subject to history flushing attack, and evasion attack, this study proposed an ROP attack detection approach based on hardware branch information-mispredicted indirect branch checker, called MIBChecker. It performs real time ROP detection on every mispredicted indirect branch via events triggered by performance monitor unit, and produces a new critical syscall data detection approach to defend against ROP attacks using short gadgets-chain. Experiments show that MIBChecker can detect gadgets which is not affected by history flushing attack, and can effectively detect common ROP attack and evasion attack with only 5.7% performance overhead.