HARDWARE HEURISTIC-DRIVEN BINARY TRANSLATION-BASED EXECUTION ANALYSIS FOR RETURN-ORIENTED PROGRAMMING MALWARE DETECTION

Bibliographic details
Main authors: Shanmugavelayutham, Palanivelrajan Rajan, Mankin, Jennifer Eligius, Bazhaniuk, Oleksandr, Bulygin, Yuriy, Varoglu, Sevin F, Nayshtut, Alex, Sukhomlinov, Vadim, Rubakha, Dmitri Dima, Muttik, Igor, Mirkin, Dima, Yamada, Koichi, Woodward, Carl D
Format: Patent
Language: eng
Description
Summary: A combination of hardware monitoring and binary translation software allows detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to anti-malware software, which may take further remedial action as desired.