System, method, and computer program product for monitoring and/or analyzing at least one aspect of an invocation of an interface
First Claim
Patent Images
1. A method, comprising:
- identifying execution of an interface, including identifying by utilizing a callback function that a code segment internal to the interface has been executed;
in response to the execution of the interface, determining whether the interface was executed as a result of executing a defined entry point of the interface, the entry point located logically before the code segment;
determining that the execution of the interface is malicious based upon the determination that the interface was executed as a result of executing the code segment prior to executing the defined entry point of the interface; and
in response to the determination that the execution is malicious, initiating an action including at least one of;
preventing further execution of the interface;
transmitting an alert;
orrecording information associated with the execution of the interface.
10 Assignments
0 Petitions
Accused Products
Abstract
A system, method and computer program product are provided. In use, execution of a portion of internal code of an interface is identified. Further, in response to the execution of the portion of internal code, at least one aspect of an invocation of the interface is monitored and/or analyzed.
38 Citations
20 Claims
-
1. A method, comprising:
-
identifying execution of an interface, including identifying by utilizing a callback function that a code segment internal to the interface has been executed; in response to the execution of the interface, determining whether the interface was executed as a result of executing a defined entry point of the interface, the entry point located logically before the code segment; determining that the execution of the interface is malicious based upon the determination that the interface was executed as a result of executing the code segment prior to executing the defined entry point of the interface; and in response to the determination that the execution is malicious, initiating an action including at least one of; preventing further execution of the interface; transmitting an alert;
orrecording information associated with the execution of the interface. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer program product embodied on a non-transitory computer readable medium, comprising instructions that, when loaded and executed by a processor, cause the processor to:
-
identify execution of an interface, including identifying by utilization of a callback function that a code segment internal to the interface has been executed; in response to the execution of the interface, determine whether the interface was executed as a result of execution of a defined entry point of the interface, the entry point located logically before the code segment; determine that the execution of the interface is malicious based upon the determination that the interface was executed as a result of execution of the code segment prior to the execution of the defined entry point of the interface; and in response to the determination that the execution is malicious, initiate an action, the action including at least one of; prevention of further execution of the interface; transmission of an alert;
orrecordation of information associated with the execution of the interface. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
8. A system, comprising:
-
a hardware processor; computer-readable instructions executable by the processor to identify execution of an interface by utilization of a callback function, including identifying that a code segment internal to the interface has been executed; in response to the execution of the interface, computer-readable instructions executable by the processor to determine whether the interface was executed as a result of execution of a defined entry point of the interface, the entry point located logically before the code segment; computer-readable instructions executable by the processor to determine that the execution of the interface is malicious based upon the determination that the interface was executed as a result of execution of the code segment prior to the execution of the defined entry point of the interface; and in response to the determination that the execution is malicious, computer-readable instructions executable by the processor to initiate an action, the action including at least one of; prevention of further execution of the interface; transmission of an alert;
orrecordation of information associated with the execution of the interface. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification