Detecting code alteration based on memory allocation

Bibliographic details
Main author: Brezinski Dominique Imjya
Format: Patent
Language: eng
Description
Summary: Techniques are described for identifying an anomalous execution instance of a process as a security risk by analyzing the memory allocation for the process. Performance data is collected, including memory allocation data describing the amount of memory allocated for a process or utilized by a process during its execution. A baseline of memory allocation is established for a plurality of executions of the process by applying a statistical distribution to the performance data collected. A memory allocation for the executing process may be compared to the baseline. An anomalous execution instance of the process that is outside a predetermined number of statistical variances of the baseline may be determined. At least one anomalous execution instance of the process may be designated as a security risk based at least partly on the anomalous memory allocation.