Walma: Learning to See Memory Corruption in WebAssembly

Computer Science > Cryptography and Security [Submitted on 25 Mar 2026] Walma: Learning to See Memory Corruption in WebAssembly Oussama Draissi, Mark Günzel, Ahmad-Reza Sadeghi, Lucas Davi WebAssembly's (Wasm) monolithic linear memory model facilitates memory corruption attacks that can escalate to cross-site scripting in browsers or go undetected when a malicious host tampers with a module's state. Existing defenses rely on invasive binary instrumentation or custom runtimes, and do not address runtime integrity verification under an adversarial host model. We present Walma, a framework for WebAssembly Linear Memory Attestation that leverages machine learning to detect memory corruption and external tampering by classifying memory snapshots. We evaluate Walma on six real-world CVE-affected applications across three verification backends (cpu-wasm, cpu-tch, gpu) and three instrumentation policies. Our results demonstrate that CNN-based classification can effectively detect memory corruption in applications with structured memory layouts, with coarse-grained boundary checks incurring as low as 1.07x overhead, while fine-grained monitoring introduces higher (1.5x--1.8x) but predictable costs. Our evaluation quantifies the accuracy and overhead trade-offs across deployment configurations, demonstrating the practical feasibility of ML-based memory attestation for WebAssembly. Comments: 9 pages, 4 figures, 3 tables Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG) ACM classes: D.4.6 Cite as: arXiv:2603.24167 [cs.CR]   (or arXiv:2603.24167v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2603.24167 Focus to learn more Submission history From: Oussama Draissi [view email] [v1] Wed, 25 Mar 2026 10:34:29 UTC (162 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-03 Change to browse by: cs cs.LG References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)