Method and apparatus for detecting malicious shell codes using debugging events
US8646076B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | May 2, 2013 |
| Grant date | Feb 4, 2014 |
| Priority date | — |
| Expiry date | May 2, 2033 |
Classification
- Technology area (CPC Y): Emerging Cross-Sectional Technologies
- CPC primary: Y10T24/1476
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
An apparatus for detecting malicious shell codes using a debugging event includes an alert setting unit configured to set a mother program to run a non-executable file to trigger the debugging event when a mother process created by the mother program tries to execute a code with no execution attribute; and an information storage unit configured to store information on an address range in which modules to be used by the mother process are loaded in a memory. Further, the apparatus includes a malicious code determination unit configured to determine, when the debugging event occurs, whether the non-executable file is malicious using the information on the address range.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.