CPC G06F 21/566 (2013.01) [G06F 11/327 (2013.01); G06F 21/57 (2013.01)]; 21 Claims
1. A system, comprising:
one or more processors; and
a memory communicatively coupled to the one or more processors, the memory including a first memory region operating as a kernel space and a second memory region operating as a user space, the memory comprises
a first logic unit maintained within the kernel space, the first logic unit to (i) receive a thread creation notification via an Application Programming Interface identifying a newly created thread, (ii) determine a thread type associated with the newly created thread to determine whether the newly created thread is a filtered thread type of one or more filtered thread types, and (iii) extract, within the kernel space, at least meta-information associated with the newly created thread included as part of the thread creation notification, provided the newly created thread is a thread type other than the one or more filtered thread types, and
a second logic unit maintained within the user space, the second logic unit to receive at least the meta-information associated with the newly created thread and conduct analytics on at least the meta-information to attempt to classify the newly created thread,
wherein an alert is generated by the second logic unit upon classifying the newly created thread as a cyberattack associated with a malicious position independent code execution based at least on results of the analytics associated with the meta-information associated with the newly created thread.
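The two-stage pipeline described in claim 1 (a kernel-space stage that filters by thread type and extracts meta-information, and a user-space stage that runs analytics and raises an alert) can be modelled in a few dozen lines. The following is an added illustration, not code from the patent or its assignee: the kernel-space stage is an ordinary Python function standing in for an OS thread-creation callback (on Windows the analogous registration would be PsSetCreateThreadNotifyRoutine; no driver code is shown), the user-space stage applies a common heuristic for position-independent code (a thread whose start address lies outside every loaded image, or inside writable-and-executable memory), and every thread record, address, image map and thread-type name is constructed for the example.

```python
"""Two-stage thread-creation analysis modelled on claim 1 (added example).

Kernel stage: filter by thread type, extract meta-information.
User stage: classify the meta-information and raise an alert.
All data below is constructed; nothing is read from a live system.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Thread types the kernel-side filter discards before extraction (assumed names).
FILTERED_THREAD_TYPES = {"system", "kernel_worker"}

# Constructed per-process image map: pid -> [(base, size, image_name)].
IMAGE_MAP: Dict[int, List[Tuple[int, int, str]]] = {
    4:    [(0xFFFFF80000000000, 0x1000000, "ntoskrnl.exe")],
    1234: [(0x7FF600000000, 0x20000, "app.exe"),
           (0x7FFA10000000, 0x200000, "ntdll.dll")],
}


@dataclass(frozen=True)
class ThreadNotification:
    """What the OS would hand the kernel-side callback (constructed fields)."""
    pid: int
    tid: int
    thread_type: str
    start_address: int
    protection: str  # protection of the page holding start_address, e.g. "RX"


@dataclass(frozen=True)
class ThreadMeta:
    """Meta-information the kernel stage extracts and forwards to user space."""
    pid: int
    tid: int
    start_address: int
    backing_image: Optional[str]  # None when no loaded image covers the address
    protection: str


@dataclass(frozen=True)
class Alert:
    pid: int
    tid: int
    reasons: Tuple[str, ...]


def kernel_extract(note: ThreadNotification) -> Optional[ThreadMeta]:
    """Kernel-space stage: drop filtered thread types, then resolve the start
    address against the process's loaded images. Returns None when filtered."""
    if note.thread_type in FILTERED_THREAD_TYPES:
        return None
    backing = None
    for base, size, name in IMAGE_MAP.get(note.pid, []):
        if base <= note.start_address < base + size:
            backing = name
            break
    return ThreadMeta(note.pid, note.tid, note.start_address, backing, note.protection)


def user_classify(meta: ThreadMeta) -> Optional[Alert]:
    """User-space stage: heuristics for position-independent code execution.
    A start address outside every loaded image, or inside writable+executable
    memory, is treated as an indicator. Returns None when nothing fires."""
    reasons = []
    if meta.backing_image is None:
        reasons.append("start address not backed by a loaded image")
    if "W" in meta.protection and "X" in meta.protection:
        reasons.append("start address in writable and executable memory")
    if not reasons:
        return None
    return Alert(meta.pid, meta.tid, tuple(reasons))


def run_pipeline(notes: List[ThreadNotification]) -> Tuple[List[ThreadMeta], List[Alert]]:
    """Drive both stages; returns the forwarded meta-information and the alerts."""
    metas = [m for m in (kernel_extract(n) for n in notes) if m is not None]
    alerts = [a for a in (user_classify(m) for m in metas) if a is not None]
    return metas, alerts


# Constructed notifications covering the three outcomes the claim distinguishes:
# filtered in kernel space, forwarded but benign, forwarded and alerted.
SAMPLE_NOTIFICATIONS = [
    ThreadNotification(4, 100, "system", 0xFFFFF80000010000, "RX"),   # filtered type
    ThreadNotification(1234, 200, "user", 0x7FFA10001230, "RX"),      # inside ntdll.dll
    ThreadNotification(1234, 201, "user", 0x1A2B3C0000, "RWX"),       # unbacked RWX start
]

if __name__ == "__main__":
    metas, alerts = run_pipeline(SAMPLE_NOTIFICATIONS)
    print(f"{len(metas)} thread(s) forwarded to user space, {len(alerts)} alert(s)")
    for a in alerts:
        print(f"ALERT pid={a.pid} tid={a.tid}: {'; '.join(a.reasons)}")
```

The split mirrors the claim's allocation of work: the cheap, high-volume decision (is this a thread type we care about, and which image if any covers its start address) happens in the kernel stage where the notification arrives, while the classification logic that may change often lives in user space and only ever sees the extracted meta-information. In a real deployment the image map would be read from the target process rather than a constant table, and a production classifier would weigh more signals than the two heuristics shown.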