SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR DETECTING AT LEAST POTENTIALLY UNWANTED ACTIVITY BASED ON EXECUTION PROFILE MONITORING
Abstract
A system, method, and computer program product are provided for detecting at least potentially unwanted activity based on execution profile monitoring. In use, an execution profile of code is monitored utilizing call frame monitoring. Further, at least potentially unwanted activity is detected based on the monitoring of the execution profile.
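The check the abstract and claim 1 describe, sketched as an added example that is not code from the patent: each return address taken from a call frame is mapped to its memory region, the region's backing file path is treated as the owner, and the owner is tested for legitimacy. The Linux /proc/<pid>/maps layout, the sample data, the trusted-directory policy and the verdict names are assumptions. The sketch goes slightly beyond the claim by also reporting frames that land in memory with no backing file.

```python
import re
from bisect import bisect_right

# Constructed sample in Linux /proc/<pid>/maps layout (assumption: the page names no OS).
SAMPLE_MAPS = """\
55d0a0000000-55d0a0021000 r-xp 00000000 08:01 1311 /usr/bin/editor
7f10c4000000-7f10c41c0000 r-xp 00000000 08:01 2207 /usr/lib/x86_64-linux-gnu/libc.so.6
7f10c5000000-7f10c5008000 r-xp 00000000 08:01 9120 /tmp/.cache/libhelper.so
7f10c6000000-7f10c6001000 rwxp 00000000 00:00 0
7f10c7000000-7f10c7021000 rw-p 00000000 00:00 0 [heap]
"""
# Constructed return addresses noted from call frames, innermost frame first.
SAMPLE_FRAMES = [0x7f10c4012345, 0x7f10c5000a10, 0x7f10c6000040, 0x55d0a0001200]
# Hypothetical legitimacy policy: a loaded executable must live under one of these.
TRUSTED_PREFIXES = ("/usr/bin/", "/usr/lib/")

MAP_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")

def parse_maps(text):
    """Return sorted (start, end, perms, path) tuples, one per mapping."""
    regions = []
    for line in text.splitlines():
        m = MAP_LINE.match(line)
        if m:
            regions.append((int(m[1], 16), int(m[2], 16), m[3], m[4]))
    return sorted(regions)

def classify_frame(addr, regions):
    """Map one return address to (owner_path, verdict)."""
    i = bisect_right([r[0] for r in regions], addr) - 1
    if i < 0 or addr >= regions[i][1]:
        return None, "unmapped"
    _, _, perms, path = regions[i]
    if "x" not in perms:
        return path or None, "not-executable"
    if not path.startswith("/"):
        return None, "no-backing-file"  # executable memory with no loaded executable
    if path.startswith(TRUSTED_PREFIXES):
        return path, "legitimate"
    return path, "suspect-owner"

def profile_stack(frames, maps_text):
    """Classify every noted frame; returns (address, owner_path, verdict) rows."""
    regions = parse_maps(maps_text)
    return [(hex(a), *classify_frame(a, regions)) for a in frames]

if __name__ == "__main__":
    for row in profile_stack(SAMPLE_FRAMES, SAMPLE_MAPS):
        print(row)
```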
24 Claims
1. A method of detecting at least potentially unwanted activity, comprising:
- monitoring, with a processor, an execution profile of code utilizing call frame monitoring;
- noting, with the processor, a call frame associated with the code utilizing the call frame monitoring;
- identifying, with the processor, executable memory associated with the noted call frame, wherein the executable memory is backed by a loaded executable;
- identifying, with the processor, an owner of the executable memory by determining a file path of the loaded executable; and
- determining, with the processor, whether the owner of the executable memory is legitimate.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 15, 21, 22, 23, 24

11-14. (canceled)

16-17. (canceled)

18. A computer program product embodied on a non-transitory computer readable storage medium, comprising:
- computer code for monitoring an execution profile of code utilizing call frame monitoring;
- computer code for noting a call frame associated with the code utilizing the call frame monitoring;
- computer code for identifying executable memory associated with the noted call frame, wherein the executable memory is backed by a loaded executable;
- computer code for identifying an owner of the executable memory by determining a file path of the loaded executable; and
- computer code for determining whether an owner of executable memory associated with the noted call frame is legitimate.

19. A system, comprising:
- a memory; and
- a processor operatively coupled to the memory, the processor adapted to execute program code stored in the memory to:
  - monitor an execution profile of code utilizing call frame monitoring,
  - detect at least potentially unwanted activity based on the monitoring of the execution profile, wherein detecting the at least potentially unwanted activity comprises:
    - noting a call frame associated with the code utilizing the call frame monitoring,
    - identifying executable memory associated with the noted call frame, wherein the executable memory is backed by a loaded executable,
    - identifying an owner of the executable memory by determining a file path of the loaded executable, and
    - determining whether an owner of executable memory associated with the noted call frame is legitimate.

20. (canceled)
Specification