System, Method, and Computer Program Product for Monitoring and/or Analyzing At Least One Aspect of An Invocation of An Interface
First Claim
Patent Images
1. A method, comprising:
- identifying execution of an interface, including identifying that a code segment internal to the interface has been executed;
in response to the execution of the interface, determining whether the interface was executed as a result of executing a defined entry point of the interface; and
determining whether the execution is malicious based upon whether the entry point was invoked prior to execution of the code segment;
wherein the entry point is located logically before the code segment.
10 Assignments
0 Petitions
Accused Products
Abstract
A system, method and computer program product are provided. In use, execution of a portion of internal code of an interface is identified. Further, in response to the execution of the portion of internal code, at least one aspect of an invocation of the interface is monitored and/or analyzed.
6 Citations
33 Claims
-
1. A method, comprising:
-
identifying execution of an interface, including identifying that a code segment internal to the interface has been executed; in response to the execution of the interface, determining whether the interface was executed as a result of executing a defined entry point of the interface; and determining whether the execution is malicious based upon whether the entry point was invoked prior to execution of the code segment; wherein the entry point is located logically before the code segment. - View Dependent Claims (4, 5, 6, 10, 18)
-
-
2. (canceled)
-
3. (canceled)
-
7-10. -10. (canceled)
-
11-17. -17. (canceled)
-
19. A computer program product embodied on a non-transitory computer readable medium, comprising instructions that, when loaded and executed by a processor, cause the processor to:
-
identify execution of an interface, including identifying that a code segment internal to the interface has been executed; and determine whether the execution is malicious based upon whether the entry point was invoked prior to execution of the code segment; wherein the entry point is located logically before the code segment. - View Dependent Claims (22, 23, 24, 25, 26, 27)
-
-
20. A system, comprising:
-
a processor; detection logic executable by the processor to identify execution of an interface, including identifying that a code segment internal to the interface has been executed; and analysis logic executable by the processor to determine whether the execution is malicious based upon whether the entry point was invoked prior to execution of the code segment; wherein the entry point is located logically before the code segment. - View Dependent Claims (28, 29, 30, 31, 32, 33)
-
-
21. (canceled)
Specification