English

Runtime Prevention of Deserialization Attacks

Cryptography and Security 2022-04-21 v1 Software Engineering

Abstract

Untrusted deserialization exploits, where a serialised object graph is used to achieve denial-of-service or arbitrary code execution, have become so prominent that they were introduced in the 2017 OWASP Top 10. In this paper, we present a novel and lightweight approach for runtime prevention of deserialization attacks using Markov chains. The intuition behind our work is that the features and ordering of classes in malicious object graphs make them distinguishable from benign ones. Preliminary results indeed show that our approach achieves an F1-score of 0.94 on a dataset of 264 serialised payloads, collected from an industrial Java EE application server and a repository of deserialization exploits.

Keywords

Cite

@article{arxiv.2204.09388,
  title  = {Runtime Prevention of Deserialization Attacks},
  author = {Francois Gauthier and Sora Bae},
  journal= {arXiv preprint arXiv:2204.09388},
  year   = {2022}
}
R2 v1 2026-06-24T10:53:11.489Z