Predictive Heap Overflow Protection

A memory and malware technology, applied in platform integrity maintenance, instrumentation, computing, etc., that addresses the problem of anti-malware solutions failing to detect malware

Active Publication Date: 2016-09-28
MCAFEE LLC

AI Technical Summary

Problems solved by technology

In such cases, anti-malware solutions may fail to detect new or variant malware in zero-day attacks


Embodiment Construction

[0013] FIG. 1 is an illustration of an exemplary system 100 for predictive heap overflow protection. System 100 may be configured to determine whether an entity in the form of an application or data for an application is malware. Such data may be malware configured to exploit overflow weaknesses in the system or vulnerable applications. In an embodiment, system 100 may be configured to detect malware attempting to exploit flaws, such as heap overflow vulnerabilities.

[0014] A heap overflow vulnerability in a system may include a system flaw that permits a buffer overflow, in which data written to a buffer spills into memory adjacent to the buffer. Exploitation of an overflow vulnerability may include, for example, malware using stack-based or heap-based exploitation techniques. Heap-based exploitation techniques may include corrupting memory allocated in the target system's memory heap with malicious code. Such memory allocation can be done in real time. Sy...

Abstract

A method for preventing malware attacks comprising: identifying a set of data whose malware status is not known to be safe; initiating an application that uses the data; determining that the application has created one or more previous memory allocations; determining that the application has created a new memory allocation; comparing the new memory allocation to a previous memory allocation; and based on the comparison, determining whether the data includes malware.
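The comparison step in the abstract, shown as an added example (this is not code from the patent or from McAfee). The comparison criteria (equal size and equal FNV-1a content digest), the history length, the threshold and all identifiers are assumptions, and the allocation trace is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HISTORY 64u          /* assumption: number of prior allocations remembered */
#define SPRAY_THRESHOLD 8u   /* assumption: look-alike count that marks data suspicious */

struct alloc_record { size_t size; uint64_t digest; };
struct alloc_monitor { struct alloc_record prev[HISTORY]; size_t seen; };

/* FNV-1a over the block contents; stands in for the unspecified comparison. */
static uint64_t digest_bytes(const unsigned char *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Compare a new allocation with the remembered ones; return 1 when enough
 * prior allocations have the same size and content. */
int monitor_observe(struct alloc_monitor *m, const void *buf, size_t size) {
    struct alloc_record rec = { size, digest_bytes(buf, size) };
    size_t n = m->seen < HISTORY ? m->seen : HISTORY, matches = 0;
    for (size_t i = 0; i < n; i++)
        matches += (m->prev[i].size == rec.size && m->prev[i].digest == rec.digest);
    m->prev[m->seen++ % HISTORY] = rec;      /* ring buffer of prior allocations */
    return matches >= SPRAY_THRESHOLD;
}

/* Constructed trace of `count` allocations made while an application handles
 * data of unknown status. sprayed=1 repeats one 4 KiB block; sprayed=0 varies
 * both size and content, as ordinary document parsing tends to. */
int simulate_trace(int sprayed, int count) {
    struct alloc_monitor m = { .seen = 0 };
    int flagged = 0;
    for (int i = 0; i < count; i++) {
        size_t size = sprayed ? 4096 : 64 + 16 * (size_t)i;
        unsigned char *buf = malloc(size);
        if (!buf) return -1;
        memset(buf, sprayed ? 0x41 : (i & 0xff), size);
        flagged += monitor_observe(&m, buf, size);
        free(buf);
    }
    return flagged;
}

int main(void) {
    printf("varied: %d flagged\n", simulate_trace(0, 32));
    printf("repeated: %d flagged\n", simulate_trace(1, 32));
    return 0;
}
```

A verdict on the data would be raised once `monitor_observe` returns 1 for allocations made while the application processes it; a real monitor would hook the allocator rather than replay a trace.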

Description

Technical field

[0001] Generally, the present invention relates to computer security and malware protection, and more particularly, the present invention relates to predictive heap overflow protection.

Background

[0002] Malware infections on computers and other electronic devices are very intrusive and difficult to detect and fix. Anti-malware solutions may need to compare signatures of malicious code or files against evaluated software to determine that the software is harmful to the computing system. Malware may disguise itself by using polymorphic executable files, where the malware changes itself to avoid detection by anti-malware solutions. In such cases, anti-malware solutions may fail to detect new or variant malware in zero-day attacks. Malware may include, but is not limited to, spyware, rootkits, password stealers, spam, phishing attacks, sources of denial of service attacks, viruses, loggers, Trojan horses, adware, or any other digital content. Co...

Application Information

Patent Type & Authority: Patents (China)
IPC (8): G06F21/52, G06F21/54, G06F21/55, G06F21/56, H04L29/06
CPC: G06F21/52, G06F21/54, G06F21/554, G06F21/566, H04L63/145, G06F2221/2113
Inventor: C·阿尔梅, S·芬克
Owner: MCAFEE LLC