Rootkit detection system and method
US10122739B2 · kind B2 · utility
Key dates
| Date | Value |
| --- | --- |
| Filing date | Aug 31, 2016 |
| Grant date | Nov 6, 2018 |
| Priority date | — |
| Expiry date | Aug 31, 2036 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/145
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A rootkit detection method includes obtaining, from a target system, first data comprising raw data stored in a data block of a storage drive, checking the first data for known malware, and generating a first alert if known malware is detected. The drive may include a public key, the first data may include a digital signature based on that key, and checking the first data may include validating the signature. The method may be performed by a system management resource that sends a management request for a particular data block. Second data, corresponding to an operating system access of the same data block, may be obtained and compared to the first data; responsive to detecting a discrepancy, a second alert is generated. The system management resource may be a cloud-based server, a premises-installed appliance, a premises-installed security server, or a management controller of the target system.
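The two checks the abstract describes, a known-malware lookup on the raw block and a cross-view comparison against what the operating system returns for the same block, as an added illustration that is not code from the patent or its assignee. The `TargetSystem` class, the hash list and the `verify_signature` hook are assumptions made for the example; the sample bytes are constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed known-malware list: hashes of made-up byte strings standing in
# for the detector's malware database. They are not real indicators.
KNOWN_MALWARE_SHA256 = {hashlib.sha256(b"CONSTRUCTED_MALICIOUS_BOOT_STUB").hexdigest()}

@dataclass
class TargetSystem:
    """Two views of one storage drive on a target (assumed structure).
    raw_blocks: bytes the management resource reads directly from the drive.
    os_view:    bytes the operating system returns for the same block numbers."""
    raw_blocks: Dict[int, bytes]
    os_view: Dict[int, bytes]

def check_block(system: TargetSystem, block_no: int,
                verify_signature: Optional[Callable[[bytes], bool]] = None,
                ) -> List[Tuple[str, int]]:
    """Return the alerts raised for one data block (empty list when clean).
    verify_signature is a hypothetical hook for the drive's public-key
    signature check; key handling itself is outside this example."""
    alerts: List[Tuple[str, int]] = []
    raw = system.raw_blocks[block_no]
    # First alert: the raw block content matches a known-malware hash.
    if hashlib.sha256(raw).hexdigest() in KNOWN_MALWARE_SHA256:
        alerts.append(("known_malware", block_no))
    # Signature validation, when the drive provides a signature for the block.
    if verify_signature is not None and not verify_signature(raw):
        alerts.append(("bad_signature", block_no))
    # Second alert: the OS-returned data differs from the raw block. A rootkit
    # that filters OS reads shows up here even when its bytes are not yet known.
    if system.os_view.get(block_no) != raw:
        alerts.append(("cross_view_discrepancy", block_no))
    return alerts

def scan(system: TargetSystem, block_numbers,
         verify_signature=None) -> Dict[int, List[Tuple[str, int]]]:
    """Check several blocks; report only those that raised at least one alert."""
    results = {n: check_block(system, n, verify_signature) for n in block_numbers}
    return {n: a for n, a in results.items() if a}

# Constructed sample: block 1 is hidden from the OS, block 2 holds known malware.
CLEAN, HIDDEN, BAD = b"CONSTRUCTED_BENIGN_SECTOR", b"CONSTRUCTED_HIDDEN_PAYLOAD", \
    b"CONSTRUCTED_MALICIOUS_BOOT_STUB"
SAMPLE = TargetSystem(raw_blocks={0: CLEAN, 1: HIDDEN, 2: BAD},
                      os_view={0: CLEAN, 1: b"\x00" * len(HIDDEN), 2: BAD})
```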
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.