Detection of code injection attacks
Abstract
A method for detecting foreign code injected into a computer system including a processor and memory, the processor being configured to execute instructions stored in the memory, includes: detecting, on the computer system, an illegal instruction error; recording the illegal instruction error; determining whether a threshold condition is met; and generating an alert if the threshold condition is met.
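The four steps of the abstract (detect, record, test a threshold, alert) can be sketched as follows. This is an added example, not code from the patent. The sliding time window, the count of three, the event fields and the processor labels are assumptions, and the claims' condition based on previous attack patterns and the number of architectures is not modeled.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class IllegalInstructionMonitor:
    """Record illegal-instruction errors and alert when they cluster in time."""
    max_errors: int = 3            # assumed threshold: errors per window
    window_seconds: float = 60.0   # assumed sliding-window length
    log: list = field(default_factory=list)        # record of every error seen
    _recent: deque = field(default_factory=deque)  # timestamps inside the window

    def record(self, ts: float, processor: str, pid: int) -> Optional[str]:
        """Record one error; return an alert string if the threshold is met."""
        self.log.append((ts, processor, pid))
        self._recent.append(ts)
        # Drop errors that have aged out of the sliding window.
        while self._recent and ts - self._recent[0] > self.window_seconds:
            self._recent.popleft()
        if len(self._recent) >= self.max_errors:
            return (f"ALERT: {len(self._recent)} illegal instruction errors "
                    f"within {self.window_seconds:.0f}s "
                    f"(latest on {processor}, pid {pid})")
        return None


# Constructed sample events: (timestamp in seconds, processor that faulted, pid).
SAMPLE_EVENTS = [
    (0.0,   "cpu0-isa-a", 410),   # isolated fault, e.g. a buggy binary
    (300.0, "cpu1-isa-b", 522),   # isolated fault, long after the first
    (310.0, "cpu0-isa-a", 522),   # burst begins
    (312.0, "cpu1-isa-b", 522),   # third fault within 60 s: threshold met
]


def run(events):
    """Feed events to a fresh monitor; return it and the alerts it raised."""
    monitor = IllegalInstructionMonitor()
    alerts = [a for e in events if (a := monitor.record(*e)) is not None]
    return monitor, alerts


if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS)[1]:
        print(alert)
```

Every error is kept in `log` even when no alert fires, so isolated faults remain available for later review.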
16 Claims
1. A method for detecting foreign code injected into a computer program executed by a heterogeneous computer system comprising a plurality of different processors each with different architecture and different native instruction set, and memory, the plurality of different processors being configured to execute instructions stored in the memory, the method comprising:
- executing a first portion of the computer program by a first processor having a first architecture and a first instruction set;
- executing a second portion of the computer program by a second processor having a second architecture and a second instruction set different than the first instruction set;
- detecting, on the heterogeneous computer system, an illegal instruction error;
- recording the illegal instruction error;
- determining whether a threshold condition for an attack on the heterogeneous computer system is met based on patterns of multiple previous attacks clustered together and the number of different architectures; and
- generating an alert if the threshold condition for the attack on the heterogeneous computer system is met, wherein the illegal instruction error is triggered by an instruction encoded in a third instruction set different from the first and second instruction sets.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer system comprising a plurality of different processors each with different architecture and different native instruction set, and memory storing program instructions, the computer system being configured to execute instructions stored in the memory, the computer system being configured to:
- execute a first portion of the computer program by a first processor having a first architecture and a first instruction set;
- execute a second portion of the computer program by a second processor having a second architecture and a second instruction set different than the first instruction set;
- detect an illegal instruction error;
- record the illegal instruction error;
- determine whether a threshold condition for an attack on the heterogeneous computer system is met based on patterns of multiple previous attacks clustered together and the number of different architectures; and
- generate an alert if the threshold condition for the attack on the heterogeneous computer system is met, wherein the illegal instruction error is triggered by an instruction encoded in a third instruction set different from the first and second instruction sets.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer readable medium embodying program instructions for execution by a heterogeneous computer system, the program instructions adapting the heterogeneous computer system for:
- executing a first portion of the computer program by a first processor having a first architecture and a first instruction set;
- executing a second portion of the computer program by a second processor having a second architecture and a second instruction set different than the first instruction set;
- detecting, on the heterogeneous computer system, an illegal instruction error;
- recording the illegal instruction error;
- determining whether a threshold condition for an attack on the heterogeneous computer system is met based on patterns of multiple previous attacks clustered together and the number of different architectures; and
- generating an alert if the threshold condition for the attack on the heterogeneous computer system is met, wherein the illegal instruction error is triggered by an instruction encoded in a third instruction set different from the first and second instruction sets.

Dependent claims: 16
Specification