Method to detect application execution hijacking using memory protection
US10210329B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 30, 2015 |
| Grant date | Feb 19, 2019 |
| Priority date | — |
| Expiry date | Apr 30, 2037 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/033
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
According to one embodiment, a system comprising a dynamic analysis server comprising one or more virtual machines is disclosed, wherein the one or more virtual machines may be configured to execute certain event logic with respect to a loaded module. The virtual machines may be communicatively coupled to a virtual machine manager and a database; and rule-matching logic comprising detection logic, wherein the detection logic is configured to determine (1) whether an access source is attempting to access a protected region such as a page guarded area; and (2) whether the access source is from the heap. The system further comprises reporting logic that is configured to generate an alert so as to notify a user and/or network administrator of a probable application-execution hijacking attack.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.