Invention Grant
US08601322B2 Methods, media, and systems for detecting anomalous program executions
有权
用于检测异常程序执行的方法,介质和系统
- Patent Title: Methods, media, and systems for detecting anomalous program executions
- Patent Title (中): 用于检测异常程序执行的方法,介质和系统
-
Application No.: US13301741Application Date: 2011-11-21
-
Publication No.: US08601322B2Publication Date: 2013-12-03
- Inventor: Salvatore J. Stolfo , Angelos D. Keromytis , Stylianos Sidiroglou
- Applicant: Salvatore J. Stolfo , Angelos D. Keromytis , Stylianos Sidiroglou
- Applicant Address: US NY New York
- Assignee: The Trustees of Columbia University in the City of New York
- Current Assignee: The Trustees of Columbia University in the City of New York
- Current Assignee Address: US NY New York
- Agency: Byrne Poh LLP
- Main IPC: G06F11/00
- IPC: G06F11/00
Abstract:
Methods, media, and systems for detecting anomalous program executions are provided. In some embodiments, methods for detecting anomalous program executions are provided, comprising: executing at least a part of a program in an emulator; comparing a function call made in the emulator to a model of function calls for the at least a part of the program; and identifying the function call as anomalous based on the comparison. In some embodiments, methods for detecting anomalous program executions are provided, comprising: modifying a program to include indicators of program-level function calls being made during execution of the program; comparing at least one of the indicators of program-level function calls made in the emulator to a model of function calls for the at least a part of the program; and identifying a function call corresponding to the at least one of the indicators as anomalous based on the comparison.
Public/Granted literature
- US20120151270A1 METHODS, MEDIA, AND SYSTEMS FOR DETECTING ANOMALOUS PROGRAM EXECUTIONS Public/Granted day:2012-06-14
Information query
