This disclosure describes a dynamic overlay that delineates control flows of an application to identify unexpected code execution pathways that may be indicative of a security breach. Identifying such unexpected (or unauthorized) execution pathways can enable their prevention. The overlay is generated by observing the control flow through the application to produce a histogram of probabilities from a first function call to subsequent function calls. Using the overlay enables the detection of attacks with higher fidelity and at a lower cost than existing approaches.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.