- Patent title: Hardware heuristic-driven binary translation-based execution analysis for return-oriented programming malware detection
- Application number: US16572277
- Filing date: 2019-09-16
- Publication number: US11347853B2
- Publication date: 2022-05-31
- Inventors: Palanivelrajan Rajan Shanmugavelayutham, Koichi Yamada, Vadim Sukhomlinov, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Dmitri Dima Rubakha, Jennifer Eligius Mankin, Carl D. Woodward, Sevin F. Varoglu, Dima Mirkin, Alex Nayshtut
- Applicant: McAfee, LLC
- Applicant address: US CA Santa Clara
- Patentee: McAfee, LLC
- Current patentee: McAfee, LLC
- Current patentee address: US CA Santa Clara
- Agency: Hanley, Flight & Zimmerman, LLC
- Main classification: G06F21/56
- IPC classification: G06F21/56
Abstract:
A combination of hardware monitoring and binary translation software allows detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.