公开(公告)号：US11698964B2

公开(公告)日：2023-07-11

申请号：US16650643

申请日：2017-12-13

申请人： INTEL CORPORATION

发明人： Danyu Bi ,  Salmin Sultana ,  Yuanyuan Li ,  Yong Jiang ,  Pramod Pesara ,  Selvakumar Panneer ,  Ravi Sahita

IPC分类号： G06F21/56 ,  G06F9/448 ,  G06F9/30 ,  G06F11/36 ,  G06F12/1009 ,  H04L9/40

CPC分类号： G06F21/56 ,  G06F9/30061 ,  G06F9/448 ,  G06F11/3636 ,  G06F12/1009 ,  G06F21/566 ,  H04L63/145 ,  H04L63/1441

摘要： A system for detecting malware includes a processor to collect processor trace information corresponding to an application being executed by the processor (202). The processor can also detect an invalid indirect branch instruction from the processor trace information (204) and detect at least one malware instruction being executed by the application in response to analyzing modified memory values corresponding to the invalid indirect branch (206). Additionally, the processor can block the application from accessing or modifying memory (208).

公开(公告)号：US20200320196A1

公开(公告)日：2020-10-08

申请号：US16650643

申请日：2017-12-13

申请人： INTEL CORPORATION

发明人： Danyu Bi ,  Salmin Sultana ,  Yuanyuan Li ,  Yong Jiang ,  Pramod Pesara ,  Selvakumar Panneer ,  Ravi Sahita

IPC分类号： G06F21/56 ,  G06F9/30 ,  G06F9/448 ,  G06F11/36 ,  G06F12/1009

摘要： A system for detecting malware includes a processor to collect processor trace information corresponding to an application being executed by the processor (202). The processor can also detect an invalid indirect branch instruction from the processor trace information (204) and detect at least one malware instruction being executed by the application in response to analyzing modified memory values corresponding to the invalid indirect branch (206). Additionally, the processor can block the application from accessing or modifying memory (208).