Methods, systems, and computer readable media for detecting injected machine code
Abstract
According to one aspect, the subject matter described herein includes a method for detecting injected machine code. The method includes extracting data content from a buffer. The method also includes providing an operating system kernel configured to detect injected machine code. The method further includes executing, using the operating system kernel, the data content on a physical processor. The method further includes monitoring, using the operating system kernel, the execution of the data content to determine whether the data content contains injected machine code indicative of a code injection attack.
23 Claims
1. A method for detecting injected machine code, the method comprising:
extracting data content from a buffer;
providing an operating system kernel configured to detect injected machine code;
executing, using the operating system kernel, the data content on a physical processor;
monitoring, using the operating system kernel, the execution of the data content to determine whether the data content contains injected machine code indicative of a code injection attack; and
generating output specifying at least one of whether injected machine code was detected, a location in the buffer where injected machine code was detected, and a log of actions performed by detected injected machine code.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.
12. A system for detecting injected machine code, the system comprising:
an operating system kernel configured to detect injected machine code, wherein the operating system kernel includes;
a buffer execution module configured to extract data content from a buffer and execute, using the operating system kernel, the data content on a physical processor;
an injected machine code analysis module configured to monitor, using the operating system kernel, the execution of the data content to determine whether the data content contains injected machine code indicative of a code injection attack; and
wherein the injected machine code analysis module is configured to generate output specifying at least one of whether injected machine code was detected, a location in the buffer where injected machine code was detected, and a log of actions performed by detected injected machine code.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22.
23. A non-transitory computer readable medium comprising computer executable instructions that when executed by a processor of a computer control the computer to perform steps comprising:
extracting data content from a buffer;
providing an operating system kernel configured to detect injected machine code;
executing, using the operating system kernel, the data content on a physical processor; and
monitoring, using the operating system kernel, the execution of the data content to determine whether the data content contains injected machine code indicative of a code injection attack; and
generating output specifying at least one of whether injected machine code was detected, a location in the buffer where injected machine code was detected, and a log of actions performed by detected injected machine code.
Specification