The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Aug. 16, 2022
Filed:
Jan. 11, 2019
Intel Corporation, Santa Clara, CA (US);
Zheng Zhang, Portland, OR (US);
Jason Martin, Beaverton, OR (US);
Justin Gottschlich, Santa Clara, CA (US);
Abhilasha Bhargav-Spantzel, Santa Clara, CA (US);
Salmin Sultana, Hillsboro, OR (US);
Li Chen, Hillsboro, OR (US);
Wei Li, Hillsboro, OR (US);
Priyam Biswas, West Lafayette, IN (US);
Paul Carlson, Santa Clara, CA (US);
Intel Corporation, Santa Clara, CA (US);
Abstract
Methods, systems, articles of manufacture and apparatus to detect process hijacking are disclosed herein. An example apparatus to detect control flow anomalies includes a parsing engine to compare a target instruction pointer (TIP) address to a dynamic link library (DLL) module list, and in response to detecting a match of the TIP address to a DLL in the DLL module list, set a first portion of a normalized TIP address to a value equal to an identifier of the DLL. The example apparatus disclosed herein also includes a DLL entry point analyzer to set a second portion of the normalized TIP address based on a comparison between the TIP address and an entry point of the DLL, and a model compliance engine to generate a flow validity decision based on a comparison between (a) the first and second portion of the normalized TIP address and (b) a control flow integrity model.