| 摘要 |
A method for detecting attacks that exploit vulnerabilities in an external module of a primary application is disclosed. The method begins with receiving from the primary application an external module method call that includes a module identifier and a module parameter. Thereafter, the external module method call is intercepted prior to the instantiation of the external module. The external module method call, which may include various data, is compared to the signature rules that are correlated to an attack attempt. If there is a match, then a resulting action part defined in the signature rule is evaluated. Otherwise, the external module is invoked.
|
