{"id":"https://openalex.org/W3086852650","doi":"https://doi.org/10.3233/jcs-191368","title":"DeepReturn: A deep neural network can learn how to detect previously-unseen ROP payloads without using any heuristics","display_name":"DeepReturn: A deep neural network can learn how to detect previously-unseen ROP payloads without using any heuristics","publication_year":2020,"publication_date":"2020-09-10","ids":{"openalex":"https://openalex.org/W3086852650","doi":"https://doi.org/10.3233/jcs-191368","mag":"3086852650"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-191368","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-191368","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100709607","display_name":"Xusheng Li","orcid":"https://orcid.org/0000-0003-0492-7455"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xusheng Li","raw_affiliation_strings":["College of Information Sciences and Technology, Pennsylvania State University, PA, USA. E-mails:\u00a0,\u00a0,\u00a0","College of Information Sciences and Technology, Pennsylvania State University, PA, USA. E-mails:\u00a0xul200@psu.edu,\u00a0hjw5074@psu.edu,\u00a0pliu@ist.psu.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Information Sciences and Technology, Pennsylvania State University, PA, USA. E-mails:\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I130769515"]},{"raw_affiliation_string":"College of Information Sciences and Technology, Pennsylvania State University, PA, USA. E-mails:\u00a0xul200@psu.edu,\u00a0hjw5074@psu.edu,\u00a0pliu@ist.psu.edu","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021769053","display_name":"Zhisheng Hu","orcid":"https://orcid.org/0000-0003-1940-9829"},"institutions":[{"id":"https://openalex.org/I98301712","display_name":"Baidu (China)","ror":"https://ror.org/03vs3wt56","country_code":"CN","type":"company","lineage":["https://openalex.org/I98301712"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhisheng Hu","raw_affiliation_strings":["Baidu Security, CA, USA. E-mail:\u00a0","Baidu Security, CA, USA. E-mail:\u00a0zhishenghu@baidu.com"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Baidu Security, CA, USA. E-mail:\u00a0","institution_ids":["https://openalex.org/I98301712"]},{"raw_affiliation_string":"Baidu Security, CA, USA. E-mail:\u00a0zhishenghu@baidu.com","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101769226","display_name":"Haizhou Wang","orcid":"https://orcid.org/0000-0002-4130-1833"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haizhou Wang","raw_affiliation_strings":["College of Information Sciences and Technology, Pennsylvania State University, PA, USA. E-mails:\u00a0,\u00a0,\u00a0","College of Information Sciences and Technology, Pennsylvania State University, PA, USA. E-mails:\u00a0xul200@psu.edu,\u00a0hjw5074@psu.edu,\u00a0pliu@ist.psu.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Information Sciences and Technology, Pennsylvania State University, PA, USA. E-mails:\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I130769515"]},{"raw_affiliation_string":"College of Information Sciences and Technology, Pennsylvania State University, PA, USA. E-mails:\u00a0xul200@psu.edu,\u00a0hjw5074@psu.edu,\u00a0pliu@ist.psu.edu","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107923354","display_name":"Yiwei Fu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210134512","display_name":"GE Global Research (United States)","ror":"https://ror.org/03e06qt98","country_code":"US","type":"company","lineage":["https://openalex.org/I4210134512"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yiwei Fu","raw_affiliation_strings":["GE Research, NY, USA. E-mail:\u00a0","GE Research, NY, USA. E-mail:\u00a0yiweifu1@gmail.com"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"GE Research, NY, USA. E-mail:\u00a0","institution_ids":["https://openalex.org/I4210134512"]},{"raw_affiliation_string":"GE Research, NY, USA. E-mail:\u00a0yiweifu1@gmail.com","institution_ids":["https://openalex.org/I4210134512"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100400329","display_name":"Ping Chen","orcid":"https://orcid.org/0000-0003-3789-7686"},"institutions":[{"id":"https://openalex.org/I4210139663","display_name":"United Technologies Corporation (Poland)","ror":"https://ror.org/04gmtb593","country_code":"PL","type":"company","lineage":["https://openalex.org/I4210139663"]},{"id":"https://openalex.org/I72427458","display_name":"JDSU (United States)","ror":"https://ror.org/01a5v8x09","country_code":"US","type":"company","lineage":["https://openalex.org/I72427458"]}],"countries":["PL","US"],"is_corresponding":false,"raw_author_name":"Ping Chen","raw_affiliation_strings":["JD.com American Technologies Corporation, CA, USA. E-mail:\u00a0","JD.com American Technologies Corporation, CA, USA. E-mail:\u00a0ping.chen@jd.com"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"JD.com American Technologies Corporation, CA, USA. E-mail:\u00a0","institution_ids":["https://openalex.org/I4210139663"]},{"raw_affiliation_string":"JD.com American Technologies Corporation, CA, USA. E-mail:\u00a0ping.chen@jd.com","institution_ids":["https://openalex.org/I72427458"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101766328","display_name":"Minghui Zhu","orcid":"https://orcid.org/0000-0003-3879-7820"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Minghui Zhu","raw_affiliation_strings":["School of Electrical Engineering and Computer Science, Pennsylvania State University, PA, USA. E-mail:\u00a0","School of Electrical Engineering and Computer Science, Pennsylvania State University, PA, USA. E-mail:\u00a0muz16@psu.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Electrical Engineering and Computer Science, Pennsylvania State University, PA, USA. E-mail:\u00a0","institution_ids":["https://openalex.org/I130769515"]},{"raw_affiliation_string":"School of Electrical Engineering and Computer Science, Pennsylvania State University, PA, USA. E-mail:\u00a0muz16@psu.edu","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100346838","display_name":"Peng Liu","orcid":"https://orcid.org/0000-0002-5694-6271"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Peng Liu","raw_affiliation_strings":["College of Information Sciences and Technology, Pennsylvania State University, PA, USA. E-mails:\u00a0,\u00a0,\u00a0","College of Information Sciences and Technology, Pennsylvania State University, PA, USA. E-mails:\u00a0xul200@psu.edu,\u00a0hjw5074@psu.edu,\u00a0pliu@ist.psu.edu"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Information Sciences and Technology, Pennsylvania State University, PA, USA. E-mails:\u00a0,\u00a0,\u00a0","institution_ids":["https://openalex.org/I130769515"]},{"raw_affiliation_string":"College of Information Sciences and Technology, Pennsylvania State University, PA, USA. E-mails:\u00a0xul200@psu.edu,\u00a0hjw5074@psu.edu,\u00a0pliu@ist.psu.edu","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5100346838"],"corresponding_institution_ids":["https://openalex.org/I130769515"],"apc_list":null,"apc_paid":null,"fwci":0.408,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.70083538,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"28","issue":"5","first_page":"499","last_page":"523"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9818000197410583,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8568429946899414},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8147437572479248},{"id":"https://openalex.org/keywords/heuristics","display_name":"Heuristics","score":0.7703838348388672},{"id":"https://openalex.org/keywords/gadget","display_name":"Gadget","score":0.7022972106933594},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.6292476654052734},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5954495668411255},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5785849094390869},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.4888767600059509},{"id":"https://openalex.org/keywords/code-reuse","display_name":"Code reuse","score":0.4882510006427765},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.4263013005256653},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.40254899859428406},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3283287584781647},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.32343626022338867},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.16318076848983765},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.15960702300071716},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.12899330258369446},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.12763941287994385},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.12493064999580383}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8568429946899414},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8147437572479248},{"id":"https://openalex.org/C127705205","wikidata":"https://www.wikidata.org/wiki/Q5748245","display_name":"Heuristics","level":2,"score":0.7703838348388672},{"id":"https://openalex.org/C119770614","wikidata":"https://www.wikidata.org/wiki/Q5516347","display_name":"Gadget","level":2,"score":0.7022972106933594},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.6292476654052734},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5954495668411255},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5785849094390869},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.4888767600059509},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.4882510006427765},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.4263013005256653},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.40254899859428406},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3283287584781647},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.32343626022338867},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.16318076848983765},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.15960702300071716},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.12899330258369446},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.12763941287994385},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.12493064999580383},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3233/jcs-191368","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-191368","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5799999833106995,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":46,"referenced_works":["https://openalex.org/W70478248","https://openalex.org/W88849960","https://openalex.org/W233021882","https://openalex.org/W947140380","https://openalex.org/W1429241971","https://openalex.org/W1482566649","https://openalex.org/W1515653707","https://openalex.org/W1544471297","https://openalex.org/W1586939924","https://openalex.org/W1631846088","https://openalex.org/W1823377586","https://openalex.org/W1832693441","https://openalex.org/W1963947298","https://openalex.org/W1968002620","https://openalex.org/W1969501726","https://openalex.org/W1980287119","https://openalex.org/W1982778414","https://openalex.org/W1996931407","https://openalex.org/W2035247360","https://openalex.org/W2042856445","https://openalex.org/W2060276266","https://openalex.org/W2063907334","https://openalex.org/W2064675550","https://openalex.org/W2066293121","https://openalex.org/W2074943483","https://openalex.org/W2095705004","https://openalex.org/W2108598243","https://openalex.org/W2109219878","https://openalex.org/W2121579803","https://openalex.org/W2123436168","https://openalex.org/W2133592286","https://openalex.org/W2148461049","https://openalex.org/W2155810272","https://openalex.org/W2159216827","https://openalex.org/W2162800072","https://openalex.org/W2258876169","https://openalex.org/W2293825325","https://openalex.org/W2340915558","https://openalex.org/W2397986719","https://openalex.org/W2510394756","https://openalex.org/W2519368194","https://openalex.org/W2597604324","https://openalex.org/W2612403404","https://openalex.org/W2767094836","https://openalex.org/W2891621711","https://openalex.org/W2963064278"],"related_works":["https://openalex.org/W2617372781","https://openalex.org/W2182697532","https://openalex.org/W1517387344","https://openalex.org/W1544062218","https://openalex.org/W1544471297","https://openalex.org/W4285362543","https://openalex.org/W185550498","https://openalex.org/W2999970562","https://openalex.org/W2348203156","https://openalex.org/W2226868092"],"abstract_inverted_index":{"Return-oriented":[0],"programming":[1],"(ROP)":[2],"is":[3,130],"a":[4,80,99],"code":[5,14,65],"reuse":[6],"attack":[7],"that":[8,91,116],"chains":[9],"short":[10],"snippets":[11],"of":[12,110],"existing":[13],"to":[15,54,69,139],"perform":[16],"arbitrary":[17],"operations":[18],"on":[19],"target":[20],"machines.":[21],"Existing":[22],"detection":[23,29,95],"methods":[24],"against":[25],"ROP":[26,56,114,125],"exhibit":[27],"unsatisfactory":[28],"accuracy":[30],"and/or":[31],"have":[32],"high":[33,94],"runtime":[34,137],"overhead.":[35],"In":[36],"this":[37],"paper,":[38],"we":[39],"present":[40],"DeepReturn,":[41],"which":[42,75],"innovatively":[43],"combines":[44],"address":[45],"space":[46],"layout":[47],"guided":[48],"disassembly":[49],"and":[50,67,98,132],"deep":[51,81],"neural":[52,82],"networks":[53],"detect":[55],"payloads.":[57],"The":[58],"disassembler":[59],"treats":[60],"application":[61],"input":[62],"data":[63],"as":[64,84],"pointers":[66],"aims":[68],"find":[70],"any":[71,136],"potential":[72],"gadget":[73],"chains,":[74],"are":[76,117],"then":[77],"classified":[78],"by":[79,124],"network":[83],"benign":[85],"or":[86,122],"malicious.":[87],"Our":[88],"experiments":[89],"show":[90],"DeepReturn":[92,106,129],"has":[93],"rate":[96,104],"(99.3%)":[97],"very":[100],"low":[101],"false":[102],"positive":[103],"(0.01%).":[105],"successfully":[107],"detects":[108],"all":[109],"the":[111,140],"100":[112],"real-world":[113],"exploits":[115],"collected":[118],"in-the-wild,":[119],"created":[120,123],"manually":[121],"exploit":[126],"generation":[127],"tools.":[128],"non-intrusive":[131],"does":[133],"not":[134],"incur":[135],"overhead":[138],"protected":[141],"program.":[142]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1}],"updated_date":"2026-05-04T08:30:34.212998","created_date":"2025-10-10T00:00:00"}