Title: Methods, systems, and media for detecting and preventing malcode execution
Abstract: A system for detecting and halting execution of malicious code includes a kernel-based system call interposition mechanism and a libc function interception mechanism. The kernel-based system call interposition mechanism detects a system call request from an application, determines the memory region from which the request emanates, and halts execution of the code responsible for the request if that region is a data memory region. The libc function interception mechanism maintains an alternative wrapper function for each relevant standard libc routine, intercepts calls from an application to those routines, and redirects each call into the corresponding alternative wrapper function.
Publication number: US8925090(B2)  Publication date: 2014.12.30
Application number: US201113152627  Filing date: 2011.06.03
Applicant: The Trustees of Columbia University in the City of New York  Inventors: Kc Gaurav S.; Aho Alfred V.
Classification: G06F21/00; G06F21/56; G06F12/14; H04L29/06  Main classification: G06F21/00
Agent: Byrne Poh LLP  Attorney: Byrne Poh LLP
Main claim: 1. A method for detecting and halting execution of malicious code, the method comprising: creating a plurality of wrapper functions that each correspond to one of a plurality of library functions in an application; intercepting a system call request from the application to a library function; redirecting the system call request to a wrapper function from the plurality of created wrapper functions that corresponds to the library function; using the wrapper function to determine a memory region from which the system call request emanates, wherein the wrapper function determines whether return addresses associated with one or more intermediate functions in the system call request emanate from a write protected memory region; and executing the system call request based at least in part on the determined memory region.
Address: New York NY US
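Both mechanisms in the abstract and the main claim reduce to one decision: classify the address a call emanates from (the caller's program counter for the kernel check, each intermediate return address for the libc wrapper check) as code or data, and deny the system call when any such address lies in a writable or unmapped region. The following C program is an added illustration of that decision and is not the patent's or the inventors' code. It parses a constructed, /proc/self/maps-style memory map with hypothetical addresses (a real interposer would read the live map and walk the actual stack), then applies the write-protected-region rule to a whole chain of return addresses. The function names, the region table and the sample chains are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_REGIONS 32

/* One mapped region of the process address space, in the shape of a
 * /proc/self/maps line: [start, end), permission bits and a name. */
typedef struct {
    uint64_t start, end;
    int readable, writable, executable;
    char name[64];
} region_t;

/* Constructed sample map (hypothetical addresses, not a real process). */
static const char *sample_maps =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/app\n"
    "00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/app\n"
    "00a00000-00a21000 rw-p 00000000 00:00 0 [heap]\n"
    "7f0000000000-7f00001c0000 r-xp 00000000 08:01 5678 /lib/libc.so.6\n"
    "7ffc00000000-7ffc00021000 rw-p 00000000 00:00 0 [stack]\n";

/* Parse maps-style text into regions; returns the number parsed. */
int parse_maps(const char *text, region_t *out, int max_regions)
{
    int n = 0;
    const char *p = text;
    while (*p != '\0' && n < max_regions) {
        char line[256];
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + strlen(p);

        unsigned long long start, end;
        char perms[5] = {0}, name[64] = {0};
        /* offset, device and inode are skipped; the path is optional */
        int got = sscanf(line, "%llx-%llx %4s %*s %*s %*s %63s",
                         &start, &end, perms, name);
        if (got < 3)
            continue;
        region_t *r = &out[n++];
        r->start = start;
        r->end = end;
        r->readable = perms[0] == 'r';
        r->writable = perms[1] == 'w';
        r->executable = perms[2] == 'x';
        snprintf(r->name, sizeof r->name, "%s", got == 4 ? name : "[anon]");
    }
    return n;
}

/* Kernel-side view: which region does an address fall in? NULL if unmapped. */
const region_t *find_region(const region_t *regs, int n, uint64_t addr)
{
    for (int i = 0; i < n; i++)
        if (addr >= regs[i].start && addr < regs[i].end)
            return &regs[i];
    return NULL;
}

/* A code region is executable and write protected; anything else
 * (stack, heap, writable data, unmapped) counts as a data region. */
int is_code_region(const region_t *r)
{
    return r != NULL && r->executable && !r->writable;
}

/* libc-wrapper-side view: every return address on the path from the
 * application into the system call must come from a code region.
 * Returns 1 to allow; 0 to deny, with the offending frame in *bad_frame. */
int check_call_chain(const region_t *regs, int n,
                     const uint64_t *ret_addrs, int depth, int *bad_frame)
{
    for (int i = 0; i < depth; i++) {
        if (!is_code_region(find_region(regs, n, ret_addrs[i]))) {
            if (bad_frame) *bad_frame = i;
            return 0;
        }
    }
    if (bad_frame) *bad_frame = -1;
    return 1;
}

/* Convenience entry point: parse a map and decide on a whole call chain. */
int verdict_for_chain(const char *maps_text, const uint64_t *chain, int depth)
{
    region_t regs[MAX_REGIONS];
    int n = parse_maps(maps_text, regs, MAX_REGIONS);
    return check_call_chain(regs, n, chain, depth, NULL);
}

int main(void)
{
    region_t regs[MAX_REGIONS];
    int n = parse_maps(sample_maps, regs, MAX_REGIONS), bad = -1;
    const uint64_t normal[]   = { 0x401234ULL, 0x7f0000010000ULL };     /* app -> libc */
    const uint64_t suspect[]  = { 0x7f0000010000ULL, 0x7ffc00010000ULL }; /* libc <- stack */
    printf("normal chain:  %s\n", check_call_chain(regs, n, normal, 2, &bad) ? "allow" : "deny");
    if (!check_call_chain(regs, n, suspect, 2, &bad)) {
        const region_t *r = find_region(regs, n, suspect[bad]);
        printf("suspect chain: deny (frame %d lies in %s)\n", bad, r ? r->name : "unmapped");
    }
    return 0;
}
```

Two things a practitioner should keep in mind when turning this rule into a real interposer. First, "unmapped" is treated exactly like "writable": an address that belongs to no region fails the check rather than passing by default. Second, the rule is only as good as the map it consults, so processes that legitimately execute from writable memory (JIT compilers, some trampolines) will produce false positives unless their regions are accounted for explicitly.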