Computer exploit detection using heap spray pattern matching
US9438623B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 20, 2014 |
| Grant date | Sep 6, 2016 |
| Priority date | — |
| Expiry date | Sep 9, 2034 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/52
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
According to one embodiment, a threat detection system is integrated with at least a dynamic analysis engine. The dynamic analysis engine is configured to automatically to detect potential shellcode at a first storage location within a region of memory allocated for an application, conduct a first search at one or more storage locations prior to the first storage location within the region of allocated memory for at least one or more patterns, conduct a second search at one or more storage locations subsequent to the first storage location within the region of allocated memory for at least one or more patterns, detect a first pattern at one or more storage locations prior to the first storage location within the region of allocated memory, and detect a second pattern at one or more storage locations subsequent to the first storage location with the region of allocated memory, wherein at least one of the first pattern or the second pattern is absent from a predefined list of patterns.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.