System and Method for Automatic Detection of Attempted Virtual Function Table or Virtual Function Table Pointer Overwrite Attack

Bibliographic details
Main author: DAVIDOV MIKHAIL
Format: Patent
Language: eng
Description
Summary: System, method and media are shown for automatically detecting an attempted V-table exploit based attack involving receiving crash dump data relating to a fault event, identifying code instructions and associated parameters in the crash dump data, analyzing the identified code instructions and associated parameters to detect whether an instruction with a dynamic branch fault is present in the crash dump data, if a dynamic branch fault is found, analyzing the instruction with the dynamic branch fault for invalid data relating to the dynamic branch, and generating an alert if the instruction with the dynamic branch fault includes invalid data. Some examples include automatically sending a message to a network administrator indicating a type of attack and a code module or instruction that faulted. Other examples include automatically triggering system defenses to respond to the attack, including at least one of limiting and blocking access to vulnerable code.