Abstract
The address space randomization technique was proposed to make determining the address of a shared library more difficult since each instance of the program is loaded into a random base address. However, when address space randomization layout (ASLR) is implemented on a 32-bit system, an attacker can use a brute force attack to guess the address of the shared library. The main goal of the research described in this paper is to study the use of a dispatching algorithm and multiple back-end servers as a moving target defense technique to mitigate ASLR weaknesses. First, we present a brute force attack when the number of servers is known. Second, we present a brute force attack when the number of servers is unknown. Last, we present the probability of the attacker's success on both of the attacks.