DETERMINING A FREQUENCY AT WHICH TO EXECUTE TRAP CODE IN AN EXECUTION PATH OF A PROCESS EXECUTING A PROGRAM TO GENERATE A TRAP ADDRESS RANGE TO DETECT POTENTIAL MALICIOUS CODE
First Claim
1. A computer program product for detecting potentially malicious code accessing data from a storage, the computer program product comprising a computer readable storage medium having computer readable program code embodied therein that when executed performs operations, the operations comprising:
- executing trap code in response to processing a specified type of command in application code to allocate a trap address range used to detect potentially malicious code;
executing the specified type of command in the application code;
determining whether to modify a frequency of executing the trap code in response to processing the specified type of command; and
modifying the frequency of executing the trap code in response to processing the specified type of command in response to determining to determining to modify the frequency of executing the trap code.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided are a computer program product, system, and method for determining a frequency at which to execute trap code in an execution path of a process executing a program to generate a trap address range to detect potential malicious code. Trap code is executed in response to processing a specified type of command in application code to allocate a trap address range used to detect potentially malicious code. A determination is whether to modify a frequency of executing the trap code in response to processing a specified type of command. The frequency of executing the trap code is modified in response to processing the specified type of command in response to determining to determining to modify the frequency of executing the trap code.
7 Citations
26 Claims
-
1. A computer program product for detecting potentially malicious code accessing data from a storage, the computer program product comprising a computer readable storage medium having computer readable program code embodied therein that when executed performs operations, the operations comprising:
-
executing trap code in response to processing a specified type of command in application code to allocate a trap address range used to detect potentially malicious code; executing the specified type of command in the application code; determining whether to modify a frequency of executing the trap code in response to processing the specified type of command; and modifying the frequency of executing the trap code in response to processing the specified type of command in response to determining to determining to modify the frequency of executing the trap code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer program product for detecting potentially malicious code accessing data from a storage, the computer program product comprising a computer readable storage medium having computer readable program code embodied therein that when executed by a processor performs operations, the operations comprising:
-
executing, by the processor, application code; speculatively executing, by the processor, branches of conditional branches of the application code in advance of a location at which the application code is being executed, wherein a result of only one of the conditional branches is maintained depending on a condition used to determine which of the conditional branches to traverse; detecting potentially malicious activity; and in response to detecting the potentially malicious activity, disabling the speculatively executing of the application code. - View Dependent Claims (11, 12, 13)
-
-
14. A system for detecting potentially malicious code accessing data from a storage, comprising:
-
processor; and a computer readable storage medium having computer readable program that when executed by the processor performs operations, the operations comprising; executing trap code in response to processing a specified type of command in application code to allocate a trap address range used to detect potentially malicious code; executing the specified type of command in the application code; determining whether to modify a frequency of executing the trap code in response to processing the specified type of command; and modifying the frequency of executing the trap code in response to processing the specified type of command in response to determining to determining to modify the frequency of executing the trap code. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A method for detecting potentially malicious code accessing data from a storage, comprising:
-
executing trap code in response to processing a specified type of command in application code to allocate a trap address range used to detect potentially malicious code; executing the specified type of command in the application code; determining whether to modify a frequency of executing the trap code in response to processing the specified type of command; and modifying the frequency of executing the trap code in response to processing the specified type of command in response to determining to determining to modify the frequency of executing the trap code. - View Dependent Claims (20, 21, 22, 23)
-
-
24. A system for detecting potentially malicious code accessing data from a storage, comprising:
-
processor; and a computer readable storage medium having computer readable program that when executed by the processor performs operations, the operations comprising; executing, by the processor, application code; speculatively executing, by the processor, branches of conditional branches of the application code in advance of a location at which the application code is being executed, wherein a result of only one of the conditional branches is maintained depending on a condition used to determine which of the conditional branches to traverse; detecting potentially malicious activity; and in response to detecting the potentially malicious activity, disabling the speculatively executing of the application code. - View Dependent Claims (25, 26)
-
Specification