An intrusion-resistant mechanism based on restricted code segments and code individualization is able to thwart significant amounts of known and unknown low-level attacks that inject invalid code, in the form of false data or instructions for execution by a victim application, by varying the locations of code-containing segments within a memory space corresponding to an application.