×

Shellcode detection

  • US 9,973,531 B1
  • Filed: 06/20/2014
  • Issued: 05/15/2018
  • Est. Priority Date: 06/06/2014
  • Status: Active Grant
First Claim
Patent Images

1. A computerized method, comprising:

  • instantiating an instance of an application within a virtual machine, the application for executing an object;

    allocating a first region of memory to the virtual machine for use in execution of the object with the application;

    responsive to detecting one or more characteristics of a heap spray attack within a sequence of bytes within the first region of memory, allocating a second region of memory to the virtual machine, wherein the first region of memory is a first virtual heap and the second region of memory is a second virtual heap different than the first virtual heap;

    copying the sequence of bytes from the first region of memory to the second region of memory;

    beginning execution, by the virtual machine, of the copy of the sequence of bytes stored in the second region of memory; and

    monitoring the execution of the copy of the sequence of bytes to detect characteristics of anomalous behavior.

View all claims
  • 5 Assignments
Timeline View
Assignment View
    ×
    ×