| 发明名称 |
METHODS, MEDIA AND SYSTEMS FOR DETECTING ANOMALOUS PROGRAM EXECUTIONS |
| 摘要 |
Methods, media, and systems for detecting anomalous program executions are provided. In some embodiments, methods for detecting anomalous program executions are provided, comprising: executing at least a part of a program in an emulator; comparing a function call made in the emulator to a model of function calls for the at least a part of the program; and identifying the function call as anomalous based on the comparison. In some embodiments, methods for detecting anomalous program executions are provided, comprising: modifying a program to include indicators of program-level function calls being made during execution of the program; comparing at least one of the indicators of program-level function calls made in the emulator to a model of function calls for the at least a part of the program; and identifying a function call corresponding to the at least one of the indicators as anomalous based on the comparison. |
| 申请公布号 |
CA2626993(A1) |
申请公布日期 |
2007.05.03 |
| 申请号 |
CA20062626993 |
申请日期 |
2006.10.25 |
| 申请人 |
THE TRUSTEES OF COLUMBIA UNIVERSITY IN THE CITY OF NEW YORK |
发明人 |
SIDIROGLOU, STELIOS;KEROMYTIS, ANGELOS D.;STOLFO, SALVATORE J. |
| 分类号 |
G06F11/22 |
主分类号 |
G06F11/22 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
|
| 地址 |
|
