Memory attack detection

US9965626B2 · US · B2

Patent metadata
Publication number: US-9965626-B2
Application number: US-201314370399-A
Country: US
Kind code: B2
Filing date: Jul 18, 2013
Priority date: Jul 18, 2013
Publication date: May 8, 2018
Grant date: May 8, 2018

Abstract

Official abstract text for this publication.

Technologies are generally described for systems, devices and methods effective to detect a potential attack on a memory of a memory device. In some examples, a processor may send a request to the memory device. The request may include a request for information that relates to memory writes to the memory of the memory device. The processor may receive a response from the memory device. The response may include the information that relates to the memory writes. The processor may determine, based on the response, an amount of memory of the memory device written to during an interval of time. The processor may detect the potential attack based on the amount of memory written to and based on the interval of time. The processor may then generate an alert based on the detection of the potential attack.

First claim

Opening claim text (preview).

What is claimed is:

1. A method to detect a potential attack on a memory of a memory device, the method comprising, by a hardware processor:
    sending a request to the memory device, wherein the request includes a request for information that relates to memory writes to the memory of the memory device;
    receiving a response from the memory device, wherein the response includes the information that relates to the memory writes;
    determining, based on the response, an amount of the memory of the memory device written to during an interval of time;
    detecting the potential attack on the memory by:
        assigning a data threshold and a time threshold to each application of a plurality of applications executing on the memory device, wherein the data threshold and the time threshold are different for the plurality of applications;
        comparing, for a particular application of the plurality of applications, the amount of the memory of the memory device written to during the interval of time with the data threshold assigned to the particular application; and
        in response to the amount of the memory being written to equaling or exceeding the data threshold assigned to the particular application, comparing the interval of time with the time threshold assigned to the particular application to detect the potential attack when the interval of time exceeds the time threshold assigned to the particular application, wherein the potential attack on the memory includes a potential attack on a data block of the memory, and wherein the potential attack, if successful, would disable the data block to no longer store information;
    generating an alert based on the detection of the potential attack; and
    preventing, based on the generation of the alert, the particular application from accessing the memory of the memory device.

2. The method of claim 1, wherein generating the alert includes generating a warning on a user interface.

3. The method of claim 1, further comprising identifying an application, from the plurality of applications, which corresponds to the memory writes.

4. The method of claim 1, further comprising: identifying an application, from the plurality of applications, which corresponds to the memory writes; and generating a signal effective to prevent the identified application from accessing the memory of the memory device.

5. The method of claim 1, further comprising: identifying an application, from the plurality of applications, which corresponds to the memory writes; and generating a signal effective to prevent the identified application from accessing a portion of the memory of the memory device.

6. The method of claim 1, wherein generating the alert includes generating an instruction to restart a device that includes the memory device.

7. The method of claim 1, wherein determining the amount of the memory of the memory device written to during the interval of time includes: determining a particular interval of time when a defined amount of the memory of the memory device is written to; and comparing the particular interval of time to the time threshold for each application of the plurality of applications.

8. The method of claim 7, wherein the time threshold is based on an application, of the plurality of applications, accessing the memory of the memory device.

9. The method of claim 1, wherein determining the amount of the memory of the memory device written to during the interval of time includes: determining a particular amount of the memory of the memory device written to when a defined interval of time has passed; and comparing the particular amount of the memory of the memory device to the data threshold of each application of the plurality of applications.

10. The method of claim 9, wherein the data threshold is based on an application, of the plurality of applications, accessing the memory of the memory device.

11. A device, comprising:
    a memory device that includes a memory and a memory controller; and
    a hardware processor configured to be in communication with the memory device, wherein the hardware processor is configured to:
        send a request to the memory device, wherein the request includes a request for information that relates to memory writes to the memory of the memory device;
        receive a response from the memory device, wherein the response includes the information that relates to the memory writes;
        determine, based on the response, an amount of the memory of the memory device written to during an interval of time;
        detect a potential attack on the memory by:
            assigning a data threshold and a time threshold to each application of a plurality of applications, which executes on the memory device, wherein the data threshold and the time threshold are different for the plurality of applications;
            comparing, for a particular application of the plurality of applications, the amount of the memory of the memory device written to during the interval of time with the data threshold assigned to the particular application; and
            in response to a determination that the amount of the memory of the memory device being written to equaling or exceeding the data threshold assigned to the particular application, comparing the interval of time with the time threshold assigned to the particular application to detect the potential attack when the interval of time exceeds the time threshold assigned to the particular application, wherein the potential attack on the memory includes a potential attack on a data block of the memory, and wherein the potential attack, if successful, would disable the data block to no longer store information;
        generate an alert based on the detection of the potential attack; and
        prevent, based on the generation of the alert, the particular application, from accessing the memory of the memory device.

12. The device of claim 11, wherein the hardware processor is further configured to: identify an application, from the plurality of applications, which corresponds to the memory writes; and generate a signal effective to prevent the identified application from accessing the memory of the memory device.

13. The device of claim 11, wherein the hardware processor is further configured to: identify an application, from the plurality of applications, which corresponds to the memory writes; and generate a signal effective to prevent the identified application from accessing a portion of the memory of the memory device.

14. The device of claim 11, wherein the hardware processor is configured to determine the amount of the memory of the memory device written to during the interval of time by: determination of a particular interval of time when a defined amount of the memory of the memory device is written to; and comparison of the particular interval of time to the time threshold of each application of the plurality of applications.

15. The device of claim 14, wherein the time threshold is based on an application, of the plurality of applications, that accesses the memory of the memory device.

16. The device of claim 11, wherein the hardware processor is configured to determine the amount of the memory of the memory device written to during the interval of time by: determination of a particular amount of the memory of the memory device written to, when a defined interval of time has passed; and comparison of the particular amount of the memory of the memory device to the data threshold of each application of the plurality of applications.

17. The device of claim 11, wherein the hardware processor is a part of the memory
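
The two-stage comparison recited in claim 1, as an added example that is not code from the patent or its assignee. The response format (a timestamp plus a per-application cumulative byte counter), all class, function and application names, and the sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Thresholds:
    data_bytes: int   # data threshold assigned to one application
    time_s: float     # time threshold assigned to the same application

@dataclass
class WriteMonitor:
    thresholds: dict                            # app -> Thresholds, different per app
    last: dict = field(default_factory=dict)    # app -> (timestamp, cumulative bytes)
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def on_response(self, app, timestamp, total_bytes):
        """Handle one response from the memory device (assumed format)."""
        prev = self.last.get(app)
        self.last[app] = (timestamp, total_bytes)
        if prev is None or app in self.blocked:
            return False
        interval = timestamp - prev[0]    # interval of time between responses
        amount = total_bytes - prev[1]    # amount of memory written in that interval
        limit = self.thresholds[app]
        # Stage 1: the amount must equal or exceed the app's data threshold.
        # Stage 2: only then is the interval compared; claim 1 detects the
        # potential attack when the interval exceeds the app's time threshold.
        if amount >= limit.data_bytes and interval > limit.time_s:
            self.alerts.append((app, amount, interval))  # generate the alert
            self.blocked.add(app)                        # prevent further access
            return True
        return False

    def may_access(self, app):
        return app not in self.blocked

MIB = 1 << 20
# Constructed responses: (application, timestamp in seconds, cumulative bytes).
SAMPLE = [("logger", 0.0, 0), ("browser", 0.0, 0),
          ("logger", 10.0, 8 * MIB),     # 8 MiB >= 4 MiB and 10 s > 5 s: flagged
          ("browser", 10.0, 8 * MIB),    # 8 MiB < 64 MiB: stage 1 fails
          ("browser", 12.0, 100 * MIB)]  # 92 MiB >= 64 MiB but 2 s <= 3 s: not flagged

def run_demo():
    monitor = WriteMonitor({"logger": Thresholds(4 * MIB, 5.0),
                            "browser": Thresholds(64 * MIB, 3.0)})
    for app, ts, total in SAMPLE:
        monitor.on_response(app, ts, total)
    return monitor
```
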

Classifications

  • G06F21/554 (Primary)

    involving event detection and direct action · CPC title

  • the protection being physical, e.g. cell, word, block · CPC title

  • operating in dual or compartmented mode, i.e. at least one secure mode · CPC title

  • G06F21/79 (Primary)

    in semiconductor storage media, e.g. directly-addressable memories · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Empire Technology Dev Llc
What technology area does this patent fall under?
Primary CPC classification G06F21/554. Mapped technology areas include Physics.
When was this patent published?
Publication date May 8, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).