&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11853414.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,853,414 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Mitigation of return-oriented programming attacks</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Erik Jan Loman,  Hengelo (NL);  Lute Edwin Engels,  Zuidwolde (NL);  Andrew J. Thomas,  Oxfordshire (GB); and  Kenneth D. Ray,  Seattle, WA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Sophos Limited,  Abingdon (GB)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Sophos Limited,  Abingdon (GB)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Nov.  16, 2021, as Appl. No. 17/527,706.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/527,706 is a continuation of application No. 16/848,105, filed on Apr.  14, 2020, granted, now 11,194,900.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 16/848,105 is a continuation of application No. 15/667,847, filed on Aug.  3, 2017, granted, now 10,650,141, issued on May   12, 2020.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 62/370,680, filed on Aug.  3, 2016.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2022/0075868 A1, Mar.  10, 2022</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/54</b></i> (2013.01); <i><b>G06F 21/56</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/54</b></i> (2013.01)&#xa0;[<i><b>G06F 21/566</b></i> (2013.01); <i>G06F 2221/034</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11853414-20231226-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A computer program product comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on one or more computing devices, suppresses false positive indications of return-oriented programming attacks by performing the steps of:<div class="claim_text">deploying a security measure to detect control-flow integrity compromises indicative of a return-oriented programming (ROP) exploit on a computing device;</div>
                <div class="claim_text">receiving a report of a possible ROP exploit from the security measure, the report including contextual information for the possible ROP exploit, wherein the contextual information further includes path information for one or more files associated with the possible ROP exploit and branch information for one or more processes associated with the possible ROP exploit;</div>
                <div class="claim_text">normalizing the report to isolate machine-specific variations in the path information and the branch information;</div>
                <div class="claim_text">hashing the normalized report to provide a hashed report;</div>
                <div class="claim_text">pre-filtering the hashed report with a filter to determine if the report belongs to a collection of known false-positive reports; and</div>
                <div class="claim_text">in response to determining, based on applying the filter to the hashed report, that the report of the possible ROP exploit does not belong to a collection of known false-positive reports, responding to the report with a remediation for the possible ROP exploit.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>