The leading newsletter for AI and Cybersecurity!
© 2026 AI Sentinel Newsletter | Exploring the frontiers of AI Research and Cybersecurity.
"RAGE can detect Code Reuse Attacks (CRA), including control and non-control data attacks."RAGE introduces a novel and lightweight approach to Control-Flow Attestation (CFA) for embedded devices. By utilising Unsupervised Graph Neural Networks (GNNs), this method addresses the impractical requirements of existing CFA schemes. RAGE effectively detects Code Reuse Attacks (CRA), including both control-data and non-control-data attacks, by leveraging the relationship between execution traces and execution graphs.
Remote attestation is a process that verifies the integrity of software running on a remote system (the prover). However, conventional static schemes are incapable of detecting code-reuse attacks (CRAs) such as Return-Oriented Programming (ROP) and Data-Oriented Programming (DOP). They are becoming increasingly prevalent in embedded devices. While Control-Flow Attestation (CFA) was proposed to overcome these limitations, existing CFA schemes often suffer from significant drawbacks. They typically require a large set of execution measurements, complete access to a Control-Flow Graph (CFG), or specialised hardware. Relying on a complete CFG poses challenges since reconstructing a Complete Control-Flow Graph (CCFG) is generally infeasible in real-world situations and can only be approximated.
RAGE is particularly well-suited for resource-constrained embedded devices due to its low computational complexity for feature extraction and its minimal model size. This scheme has been evaluated on embedded software, including the Embench benchmark suite and critical cryptographic libraries like OpenSSL and Diffie–Hellman. Evaluation results indicate that RAGE can successfully recognise 40 real-world attacks on embedded software, including return-to-libc and ROP attacks, demonstrating precise detection in practical scenarios. On average, RAGE achieved an F1-score of 98.03% for ROP detection and 91.01% for DOP detection on the Embench suite. Moreover, due to its low overhead, RAGE is suitable for deployment on embedded systems for detection on the Embench suite.
You can download the article by clicking here.
© 2026 AI Sentinel Newsletter | Exploring the frontiers of AI Research and Cybersecurity.