
Detection of malicious invocation of application program interface calls

  • US 10,339,303 B2
  • Filed: 01/22/2015
  • Issued: 07/02/2019
  • Est. Priority Date: 01/22/2015
  • Status: Active Grant
First Claim

1. At least one non-transitory computer-readable medium comprising one or more instructions that when executed by at least one processor, cause the processor to:

  • receive, by a kernel driver executed by the at least one processor, an application program interface (API) call, wherein the kernel driver is included within a kernel space;

    extract, with the kernel driver, metadata from the API call;

    determine, with the kernel driver, that the API call should be hooked based on the extracted metadata;

    hook, with the kernel driver, the API call;

    communicate the API call and the extracted metadata to a security module, wherein the security module determines if the API call should be allowed or denied; and

    allow the API call if a response from the security module is not received after a predetermined amount of time has passed from when the API call and the extracted metadata was communicated to the security module.
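
A user-space model of the claimed flow, added here as an illustration and not taken from the patent; the hook policy, metadata field names, timeout value and function names are all assumptions. It shows that the timeout branch allows a call the security module would otherwise have denied, which is why the model returns a reason alongside each decision.

```python
import queue
import threading
import time

VERDICT_TIMEOUT_S = 0.2  # assumed value for the claim's "predetermined amount of time"
WATCHED_APIS = {"WriteProcessMemory", "CreateRemoteThread"}  # assumed hook policy

def extract_metadata(call):
    """Pull the fields the hook decision is based on (field names are assumptions)."""
    return {"api": call["api"], "caller_pid": call["pid"],
            "target_pid": call.get("target_pid")}

def should_hook(meta):
    """Assumed rule: hook only watched APIs that act on a different process."""
    return (meta["api"] in WATCHED_APIS
            and meta["target_pid"] not in (None, meta["caller_pid"]))

def security_module(meta, reply, delay_s):
    """Stand-in for the security module; delay_s=None models a module that never answers."""
    if delay_s is None:
        return
    time.sleep(delay_s)
    reply.put("deny" if meta["api"] == "CreateRemoteThread" else "allow")

def handle_api_call(call, module_delay_s=0.0):
    """Return (decision, reason) for one call, following the order of steps in the claim."""
    meta = extract_metadata(call)
    if not should_hook(meta):
        return ("allow", "not-hooked")
    reply = queue.Queue(maxsize=1)
    threading.Thread(target=security_module,
                     args=(meta, reply, module_delay_s), daemon=True).start()
    try:
        return (reply.get(timeout=VERDICT_TIMEOUT_S), "module-verdict")
    except queue.Empty:
        # Claimed behaviour: no response within the timeout means the call proceeds.
        return ("allow", "timeout-fail-open")

if __name__ == "__main__":
    # Constructed sample call, not taken from the patent.
    sample = {"api": "CreateRemoteThread", "pid": 10, "target_pid": 20}
    print(handle_api_call(sample))                       # module answers in time
    print(handle_api_call(sample, module_delay_s=None))  # module never answers
```

Recording the `timeout-fail-open` reason separately from `module-verdict` lets a reviewer tell calls the module approved apart from calls that proceeded only because no verdict arrived.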
