This work addresses the vulnerability of WebAssembly’s linear memory model to memory corruption attacks and the inadequacy of existing defenses in providing effective runtime integrity verification within adversarial host environments. To this end, the authors propose Walma, a novel framework that pioneers the application of machine learning to WebAssembly memory integrity monitoring. Walma employs a convolutional neural network (CNN) to classify memory snapshots and integrates multiple instrumentation strategies with a cross-platform backend supporting both CPU and GPU execution, enabling non-intrusive and deployable monitoring. Evaluation on six real-world applications affected by known CVEs demonstrates that Walma achieves a favorable trade-off between accuracy and overhead: it incurs only a 1.07× performance slowdown in coarse-grained mode and 1.5–1.8× in fine-grained mode.

WebAssembly's (Wasm) monolithic linear memory model facilitates memory corruption attacks that can escalate to cross-site scripting in browsers or go undetected when a malicious host tampers with a module's state. Existing defenses rely on invasive binary instrumentation or custom runtimes, and do not address runtime integrity verification under an adversarial host model. We present Walma, a framework for WebAssembly Linear Memory Attestation that leverages machine learning to detect memory corruption and external tampering by classifying memory snapshots. We evaluate Walma on six real-world CVE-affected applications across three verification backends (cpu-wasm, cpu-tch, gpu) and three instrumentation policies. Our results demonstrate that CNN-based classification can effectively detect memory corruption in applications with structured memory layouts, with coarse-grained boundary checks incurring as low as 1.07x overhead, while fine-grained monitoring introduces higher (1.5x--1.8x) but predictable costs. Our evaluation quantifies the accuracy and overhead trade-offs across deployment configurations, demonstrating the practical feasibility of ML-based memory attestation for WebAssembly.