专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08984637B2 Method and apparatus for detecting shellcode insertion 有权
标题翻译：用于检测shellcode插入的方法和装置
公开(公告)号：US08984637B2
公开(公告)日：2015-03-17
申请号：US12653604
申请日：2009-12-15
申请人： Vinay Karecha , Hirosh Joseph
发明人： Vinay Karecha , Hirosh Joseph
IPC分类号： G06F21/00 , G06F21/52
CPC分类号： G06F21/52
摘要： A method of detecting malware present on a computer system where the computer system is running an application. The method includes redirecting a function call, made by the application to a decoding function that performs decoding of an argument provided to it by an application, to a scanning function. The scanning function is then employed to scan an argument of the function call for suspect code or data. In the event that suspect code or data is detected, the function call is inhibited, otherwise program control is returned to the called decoding function.
摘要翻译：一种检测存在于计算机系统运行应用程序的计算机系统上的恶意软件的方法。该方法包括将应用程序所做的功能调用重定向到由应用程序提供给它的参数的解码的解码功能到扫描功能。然后扫描功能用于扫描可疑代码或数据的函数调用的参数。在检测到可疑代码或数据的情况下，功能调用被禁止，否则程序控制返回到被叫解码功能。

2. 发明申请

US20100162398A1 Method and apparatus for detecting shellcode insertion 有权
标题翻译：用于检测shellcode插入的方法和装置
公开(公告)号：US20100162398A1
公开(公告)日：2010-06-24
申请号：US12653604
申请日：2009-12-15
申请人： Vinay Karecha , Hirosh Joseph
发明人： Vinay Karecha , Hirosh Joseph
IPC分类号： G06F11/00 , G06F12/14
CPC分类号： G06F21/52
摘要： A method of detecting malware present on a computer system where the computer system is running an application. The method comprises redirecting a function call, made by the application to a decoding function that performs decoding of an argument provided to it by an application, to a scanning function. The scanning function is then employed to scan an argument of the function call for suspect code or data. In the event that suspect code or data is detected, the function call is inhibited, otherwise program control is returned to the called decoding function.
摘要翻译：一种检测存在于计算机系统运行应用程序的计算机系统上的恶意软件的方法。该方法包括将应用所做的功能调用重定向到由应用提供给它的参数的解码的解码功能到扫描功能。然后使用扫描功能扫描可疑代码或数据的函数调用的参数。在检测到可疑代码或数据的情况下，功能调用被禁止，否则程序控制返回到被叫解码功能。

3. 发明申请

US20100037033A1 Exploit nonspecific host intrusion prevention/detection methods and systems and smart filters therefor 有权
标题翻译：利用非特异性的主机入侵防御/检测方法和系统以及智能过滤器
公开(公告)号：US20100037033A1
公开(公告)日：2010-02-11
申请号：US12461274
申请日：2009-08-06
申请人： Vinay Karecha , Wei Hu
发明人： Vinay Karecha , Wei Hu
IPC分类号： G06F12/06
CPC分类号： G06F12/06 , G06F21/552 , G06F21/554 , G06F2221/2141 , H04L63/1416
摘要： Exploit nonspecific host intrusion prevention/detection methods, systems and smart filters are described. Portion of network traffic is captured and searched for a network traffic pattern, comprising: searching for a branch instruction transferring control to a first address in the memory; provided the first instruction is found, searching for a subroutine call instruction within a first predetermined interval in the memory starting from the first address and pointing to a second address in the memory; provided the second instruction is found, searching for a third instruction at a third address in the memory, located at a second predetermined interval from the second address; provided the third instruction is a fetch instruction, indicating the presence of the exploit; provided the third instruction is a branch instruction, transferring control to a fourth address in the memory, and provided a fetch instruction is located at the fourth address, indicating the presence of the exploit.
摘要翻译：描述了非特异性主机入侵防御/检测方法，系统和智能过滤器。网络流量的部分被捕获并搜索网络流量模式，包括：搜索分支指令将控制转移到存储器中的第一地址; 如果发现第一指令，则在第一预定间隔内从第一地址开始寻找子程序调用指令，并指向存储器中的第二地址; 如果发现第二条指令，则在存储器中的第三地址搜索位于距第二地址的第二预定间隔的第三条指令; 提供第三条指令是一条提取指令，指示该漏洞的存在; 只要第三条指令是分支指令，将控制转移到存储器中的第四地址，并且提供一个取指令位于第四地址处，指示存在利用。

4. 发明授权

US08332941B2 Exploit nonspecific host intrusion prevention/detection methods and systems and smart filters therefor 有权
标题翻译：利用非特异性的主机入侵防御/检测方法和系统以及智能过滤器
公开(公告)号：US08332941B2
公开(公告)日：2012-12-11
申请号：US12461274
申请日：2009-08-06
申请人： Vinay Karecha , Wei Hu
发明人： Vinay Karecha , Wei Hu
IPC分类号： G06F12/06
CPC分类号： G06F12/06 , G06F21/552 , G06F21/554 , G06F2221/2141 , H04L63/1416
摘要： Exploit nonspecific host intrusion prevention/detection methods, systems and smart filters are described. Portion of network traffic is captured and searched for a network traffic pattern, comprising: searching for a branch instruction transferring control to a first address in the memory; provided the first instruction is found, searching for a subroutine call instruction within a first predetermined interval in the memory starting from the first address and pointing to a second address in the memory; provided the second instruction is found, searching for a third instruction at a third address in the memory, located at a second predetermined interval from the second address; provided the third instruction is a fetch instruction, indicating the presence of the exploit; provided the third instruction is a branch instruction, transferring control to a fourth address in the memory, and provided a fetch instruction is located at the fourth address, indicating the presence of the exploit.
摘要翻译：描述了非特异性主机入侵防御/检测方法，系统和智能过滤器。网络流量的部分被捕获并搜索网络流量模式，包括：搜索分支指令将控制转移到存储器中的第一地址; 如果发现第一指令，则在第一预定间隔内从第一地址开始寻找子程序调用指令，并指向存储器中的第二地址; 如果发现第二条指令，则在存储器中的第三地址搜索位于距第二地址的第二预定间隔的第三条指令; 提供第三条指令是一条提取指令，指示该漏洞的存在; 只要第三条指令是分支指令，将控制转移到存储器中的第四地址，并且提供一个取指令位于第四地址处，指示存在利用。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式