System, apparatus and method for detecting a data-oriented programming attack
US10503902B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 8, 2017 |
| Grant date | Dec 10, 2019 |
| Priority date | — |
| Expiry date | Dec 16, 2037 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/566
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
In one embodiments, an apparatus includes: an execution circuit to execute a program; a monitor circuit to monitor the program execution to obtain information regarding a plurality of control transfers incurred during the execution of the program; a graph generation circuit, based on the information, to generate a plurality of control flow graphs each associated with a portion of the execution of the program; a statistic generation circuit to calculate a plurality of feature vectors each associated with one of the plurality of control flow graphs, each of the plurality of feature vectors including a plurality of graph statistics based on the associated control flow graph; and a comparison circuit to compare at least some of the plurality of graph statistics of one or more of the plurality of feature vectors to corresponding graph statistics of a statistical model of the execution of the program, to identify whether an anomaly has occurred in the execution of the program. Other embodiments are described and claimed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.