US10055585B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10055585-B2 |
| Application number | US-201314129246-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 28, 2013 |
| Priority date | Aug 28, 2013 |
| Publication date | Aug 21, 2018 |
| Grant date | Aug 21, 2018 |
Official abstract text for this publication.
Technologies for assembling an execution profile of an event are disclosed. The technologies may include monitoring the event for a branch instruction, generating a callback to a security module upon execution of the branch instruction, filtering the callback according to a plurality of event identifiers, and validating a code segment associated with the branch instruction, the code segment including code executed before the branch instruction and code executed after the branch instruction.
Opening claim text (preview).
What is claimed:

1. A method for assembling an execution profile of an event, the method comprising: monitoring a process invoked in response to the event for a branch instruction; generating a callback to a security module upon execution of the branch instruction; filtering the callback according to filtering criteria that is dependent on a plurality of identifiers associated with the event; and validating, by the security module in response to the filtering criteria being met, a code segment associated with the branch instruction, the code segment including code executed before the branch instruction and code executed after the branch instruction, the validation including determining whether the code segment is associated with a manipulation of return addresses associated with branch instructions.
2. The method of claim 1, further comprising checking the code segment for use of return-oriented programming techniques.
3. The method of claim 1, further comprising managing security policies for the system.
4. The method of claim 1, further comprising monitoring the process invoked in response to the event for the branch instruction using binary translation-based techniques.
5. The method of claim 1, further comprising providing an event trigger from a monitoring extension to a processor, the event trigger for use in monitoring the process invoked in response to the event for the branch instruction.
6. The method of claim 1, further comprising providing an event trigger from a monitoring extension to a processor, the event trigger for use in monitoring the process invoked in response to the event for the branch instruction, wherein the event trigger comprises a trigger when an instruction of a particular type is executed.
7. The method of claim 1, further comprising providing an event trigger from a monitoring extension to a processor, the event trigger for use in monitoring the process invoked in response to the event for the branch instruction, wherein the event trigger comprises a trigger invoking a registered callback for handling of the event.
8. A system for securing an electronic device, comprising: a memory; a processor; and one or more security agents including instructions resident in the memory and operable for execution by the processor, wherein the security agents are configured to: assemble an execution profile of an event; monitor a process invoked in response to the event for a branch instruction; generate a callback upon execution of the branch instruction; filter the callback according to filtering criteria that is dependent on a plurality of identifiers associated with the event; and validate, in response to the filtering criteria being met, a code segment associated with the branch instruction, the code segment including code executed before the branch instruction and code executed after the branch instruction, the validation including determining whether the code segment is associated with a manipulation of return addresses associated with branch instructions.
9. The system of claim 8, wherein the security agents are further configured to check the code segment for use of return-oriented programming techniques.
10. The system of claim 8, wherein the security agents are further configured to access managing security policies for the system to assemble the execution profile.
11. The system of claim 8, wherein the security agents are further configured to monitor the process invoked in response to the event for the branch instruction using binary translation-based techniques.
12. The system of claim 8, wherein the security agents are further configured to access an event trigger from a monitoring extension of the processor to monitor the process invoked in response to the event for a branch instruction.
13. The system of claim 8, wherein the security agents are further configured to access an event trigger from a monitoring extension of the processor to monitor the process invoked in response to the event for a branch instruction, the event trigger based upon an instruction of a particular type is executed.
14. The system of claim 8, wherein the security agents are further configured to access an event trigger from a monitoring extension of the processor to monitor the process invoked in response to the event for a branch instruction, the event trigger invoking a registered callback for handling of the event.
15. At least one non-transitory machine readable storage medium, comprising computer-executable instructions carried on the machine readable medium, the instructions readable by a processor, the instructions, when read and executed, for causing the processor to: assemble an execution profile of an event; monitor a process invoked in response to the event for a branch instruction; generate a callback to a security module upon execution of the branch instruction; filter the callback according to filtering criteria that is dependent on a plurality of identifiers associated with the event; and validate, by the security module in response to the filtering criteria being met, a code segment associated with the branch instruction, the code segment including code executed before the branch instruction and code executed after the branch instruction, the validation including determining whether the code segment is associated with a manipulation of return addresses associated with branch instructions.
16. The medium of claim 15, wherein the instructions further cause the processor to check the code segment for use of return-oriented programming techniques.
17. The medium of claim 15, wherein the instructions further cause the processor to monitor the process invoked in response to the event for the branch instruction using binary translation-based techniques.
18. The medium of claim 15, wherein the instructions further cause the processor to access an event trigger from a monitoring extension of the processor to monitor the process invoked in response to the event for a branch instruction.
19. The medium of claim 15, wherein the instructions further cause the processor to access an event trigger from a monitoring extension of the processor to monitor the process invoked in response to the event for a branch instruction, the event trigger based upon an instruction of a particular type is executed.
20. The medium of claim 15, wherein the instructions further cause the processor to access an event trigger from a monitoring extension of the processor to monitor the process invoked in response to the event for a branch instruction, the event trigger invoking a registered callback for handling of the event.
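
The flow described in the abstract and claim 1 (a callback on each branch, filtering on several event identifiers, then validation of the code on both sides of the branch) can be sketched as follows. This is an added illustration, not code from the patent: the call-preceded return-target check is an assumed, simplified validation heuristic, and the process names, event names, addresses and byte image are constructed for the example.

```python
from dataclasses import dataclass

# Constructed memory image (x86-64 bytes, base 0x1000):
#   0x1000 e8 0b 00 00 00  call 0x1010
#   0x1005 90              nop           <- legitimate return site
#   0x1006 58 c3           pop rax; ret  (gadget, not call-preceded)
#   0x1010 c3              ret           (callee)
BASE = 0x1000
IMAGE = bytes.fromhex("e80b000000" "90" "58c3") + bytes(8) + b"\xc3"

@dataclass
class Branch:
    process: str      # event identifier 1 (hypothetical)
    event: str        # event identifier 2 (hypothetical)
    kind: str         # "call", "jmp" or "ret"
    block_start: int  # first address of the code run before the branch
    src: int          # address of the branch instruction
    dst: int          # address executed after the branch

WATCHED = {("editor.exe", "file_write")}  # hypothetical policy

def bytes_before(addr, n):
    """Return the n bytes ending just before addr, or b'' if unmapped."""
    off = addr - BASE
    return IMAGE[off - n:off] if n <= off <= len(IMAGE) else b""

def call_preceded(target):
    """Simplified: recognises only `call rel32` (E8) and `call reg` (FF D0-D7)."""
    b5, b2 = bytes_before(target, 5), bytes_before(target, 2)
    if b5[:1] == b"\xe8":
        return True
    return len(b2) == 2 and b2[0] == 0xFF and (b2[1] & 0xF8) == 0xD0

def filter_callback(b):
    # Validate only returns raised by a watched (process, event) pair.
    return (b.process, b.event) in WATCHED and b.kind == "ret"

def validate(b):
    before_len = b.src - b.block_start + 1  # bytes run up to and including the ret
    ok = call_preceded(b.dst)               # code reached after the ret
    return {"src": b.src, "dst": b.dst, "before_len": before_len,
            "verdict": "ok" if ok else "return-address manipulation"}

def build_profile(branches):
    return [validate(b) for b in branches if filter_callback(b)]

EVENTS = [  # constructed callback stream
    Branch("editor.exe", "file_write", "call", 0x1000, 0x1000, 0x1010),
    Branch("editor.exe", "file_write", "ret", 0x1010, 0x1010, 0x1005),
    Branch("editor.exe", "file_write", "ret", 0x1010, 0x1010, 0x1006),
    Branch("other.exe", "net_send", "ret", 0x1010, 0x1010, 0x1006),
]
```

Calling `build_profile(EVENTS)` yields two entries: the return to the call site passes, and the return into the `pop rax; ret` sequence is flagged, while the `call` and the unwatched process never reach validation.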
Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title
involving event detection and direct action · CPC title