US 11,736,499 B2
Systems and methods for detecting injection exploits
Abhishek Singh, Santa Clara, CA (US); Ramesh Mani, Santa Clara, CA (US); Anjan Venkatramani, Santa Clara, CA (US); and Chihwei Chao, Santa Clara, CA (US)
Assigned to Corner Venture Partners, LLC, Palo Alto, CA (US)
Filed by Corner Venture Partners, LLC, Palo Alto, CA (US)
Filed on Apr. 9, 2020, as Appl. No. 16/844,915.
Claims priority of provisional application 62/831,644, filed on Apr. 9, 2019.
Prior Publication US 2020/0404007 A1, Dec. 24, 2020
Int. Cl. H04L 9/40 (2022.01); G06F 16/2453 (2019.01)
CPC H04L 63/1416 (2013.01) [G06F 16/24537 (2019.01)] 15 Claims
OG exemplary drawing
 
1. A method for detecting injection exploits in a networked computing environment, the method comprising:
using a collector server, monitoring web applications that are executing and detecting when an execution function is received over a network and invoked, where an execution function is a function that accepts external free-form data values;
detecting malicious code by:
generating a model of legitimate behavior subsequent to invocation of the execution function;
comparing actual behavior to the model of legitimate behavior; and
generating an alert when the actual behavior deviates from the model of legitimate behavior and validating whether the deviation of the actual behavior is due to one or more functions that accept external input, by a collector server.