DEVICE AND METHOD FOR DETECTING VULNERABILITY ATTACK IN PROGRAM
Abstract
A device and method for detecting a vulnerability attack in a program include a hooking processing unit that suspends execution of a process by hooking a function when the process is executed and calls the function to perform a specific task; an information collecting unit that collects and outputs information about the call stack return address by checking a call stack of the function hooked by the hooking processing unit; and an information determining unit that detects a malicious behavior by analyzing the call stack return address information output from the information collecting unit. The device and method for detecting a vulnerability attack in a program may prevent execution of malicious code by detecting erroneous access or code execution in a whole area of memory.
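The three units described in the abstract can be modelled as follows. This is an added example, not code from the patent or its assignee: the memory map, the addresses, the function names and the rule that every return address must lie in executable memory backed by a loaded module are all assumptions made for illustration.

```python
# Added illustration, not the patented implementation. The region table, the
# addresses and the module-backed-executable rule are constructed assumptions.
from dataclasses import dataclass
from typing import Callable, List, Optional
@dataclass(frozen=True)
class Region:
    start: int
    end: int                 # exclusive upper bound
    executable: bool
    module: Optional[str]    # None for heap, stack or private allocations

# Constructed memory map of a hypothetical process.
MEMORY_MAP = [
    Region(0x00400000, 0x00480000, True, "app.exe"),
    Region(0x10000000, 0x10200000, True, "runtime.dll"),
    Region(0x02000000, 0x02100000, False, None),   # heap, non-executable
    Region(0x03000000, 0x03010000, True, None),    # private executable allocation
]

def find_region(addr: int) -> Optional[Region]:
    return next((r for r in MEMORY_MAP if r.start <= addr < r.end), None)

def determine(return_addresses: List[int]) -> List[str]:
    """Information determining step: one finding per suspicious frame."""
    findings = []
    for addr in return_addresses:
        region = find_region(addr)
        if region is None:
            findings.append(f"{addr:#010x}: unmapped memory")
        elif not region.executable:
            findings.append(f"{addr:#010x}: non-executable memory")
        elif region.module is None:
            findings.append(f"{addr:#010x}: executable memory with no backing module")
    return findings

def hooked(task: Callable[[], str], collect: Callable[[], List[int]]) -> Callable[[], str]:
    """Hooking step: hold the call, collect the stack, run the task only if clean."""
    def wrapper() -> str:
        findings = determine(collect())   # information collecting + determining
        if findings:
            raise PermissionError("call blocked: " + "; ".join(findings))
        return task()
    return wrapper

def create_file() -> str:   # stand-in for the hooked function's specific task
    return "file created"

benign_stack = lambda: [0x00401A2C, 0x10004F10]               # constructed
shellcode_stack = lambda: [0x0300002A, 0x02000F00, 0x00401A2C]  # constructed
```

In a real deployment the collector would walk the suspended thread's stack and the region table would come from the operating system's memory query interface; both are simulated here so the decision logic can be run offline.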
45 Citations
14 Claims
1. A device for detecting a vulnerability attack in a program, comprising:
- a hooking processing unit for suspending execution of a process by hooking a function when the process is executed and the function is called to perform a specific task;
- an information collecting unit for collecting and outputting call stack return address information by checking a call stack of the function hooked by the hooking processing unit; and
- an information determining unit for preventing execution of a malicious code by detecting a malicious behavior from analysis of the call stack return information that is output from the information collecting unit.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method for detecting a vulnerability attack in a program, comprising:
- a hooking processing operation for suspending execution of a process by hooking a function when the process is executed and calls the function to perform a specific task;
- an information collecting operation for collecting and outputting call stack return address information by checking a call stack of the function hooked by the hooking processing operation; and
- a diagnosis processing operation for preventing execution of a malicious code by detecting a malicious behavior from analysis of the call stack return address information output from the information collecting operation.
Dependent claims: 11, 12, 13, 14
Specification