Abstract: As a major type of non-control data attacks, decision-making data attacks can easily bypass any prevention method targeting control data attacks. A novel method named as Anomalous Path Lazily Detection（APLD） is proposed due to the weakness of the existing prevention methods targeting decision-making data attacks. To effectively prevent the same conditional branch information belonging to the same path from being hidden, a cascading hash is introduced to compute correct program execution path information. Since the execution path information is only validated before executing the system call instruction, the performance overhead is reduced benefited from the reduction of frequency of validation. Theoretical analysis and experimental results show that APLD can effectively defend decision-making data attacks and has achieved significant safety with a modest performance penalty.

Key words: decision-making data attacks, execution path integrity, cascading hash, Anomalous Path Lazily Detection（APLD）, false negative rate

摘要： 作为一种主要的非控制流数据攻击的类型，决策性数据攻击能绕开以控制流相关数据作为保护对象的防御方法。在分析现有的防御决策性数据攻击方法的优缺点基础上，提出了一种延迟的异常路径检测方法。为有效避免相同的条件跳转信息被隐藏，引入了层连的哈希运算以获取正确的程序执行路径信息。在系统调用执行前检测该路径信息的有效性，能有效降低检测频率，从而降低性能开销。理论分析和实验结果表明，该防御方法能有效防御决策性数据攻击，且其漏检率低，性能开销适中。

关键词: 决策性数据攻击, 执行路径一致性, 层连的哈希运算, 异常路径延迟检测, 漏检率