This disclosure describes a dynamic overlay that delineates control flows of an application to identify unexpected code execution pathways that may be indicative of a security breach. Identifying such unexpected (or unauthorized) execution pathways can enable their prevention. The overlay is generated by observing the control flow through the application to produce a histogram of probabilities from a first function call to subsequent function calls. Using the overlay enables the detection of attacks with higher fidelity and at a lower cost than existing approaches.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Watson, Nic and Schneider, Chris, "Dynamic Real-time Verification of Program Call Flows", Technical Disclosure Commons, (December 26, 2022)