Detection Method of ROP Attack for Cisco IOS

Cisco IOS (Internetwork Operating System) is a dedicated operating system for Cisco routers. Due to hardware constraints, it pays more attention to performance while ignoring system security, resulting in inability to effectively detect Return-Oriented Programming (ROP). Attacks. Aiming at the shortcomings of traditional ROP protection technology in solving Cisco IOS protection, a method based on return address memory hash verification is proposed, which can effectively detect ROP attacks oriented to Cisco IOS, and analyze the ROP attack code. Capture. By analyzing the advantages and disadvantages of the existing protection mechanisms against ROP attacks, on the basis of the compact shadow memory protection idea, the traditional shadow memory storage mode is transformed into a hash-based memory search mode, and the return address memory pointer is added. As the index of hash lookup, the records of 's are used to improve the efficiency of shadow memory search, and at the same time, it can resist shadow memory