摘要 |
Techniques for detecting security exploits associated with return-oriented programming are described herein. For example, a computing device may determine that a retrieved count is indicative of malicious activity, such as return oriented programming. The computing device may retrieve the count from a processor performance counter of prediction mismatches, the prediction mismatches resulting from comparisons of a call stack of the computing device and of a shadow call stack maintained by a processor of the computing device. In response to determining that the count indicates malicious activity, the computing device may perform at least one security response action. |