Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic
US10817606B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Jun 29, 2016 |
| Grant date | Oct 27, 2020 |
| Priority date | — |
| Expiry date | Apr 1, 2038 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/2151
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A malicious content detection (MCD) system and a computerized method for manipulating time uses a time controller operating within the MCD system in order to capture the behavior of delayed activation malware (time bombs). The time controller may include a monitoring agent located in a software layer of a virtual environment configured to intercept software calls (e.g., API calls or system calls) and/or other time checks that seek to obtain a “current time,” and time-dilation action logic located in a different layer configured to respond to the software calls by providing a “false” current time that indicates considerably more time has transpired than the real clock.
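The two-part arrangement in the abstract, sketched as an added Python example that is not code from the patent or its assignee: a hook layer stands in for the monitoring agent and a separate class stands in for the time-dilation logic. All names (`TimeDilation`, `monitoring_agent`, `constructed_sample`, `analyze`) are hypothetical, and fast-forwarding `sleep` calls is an assumption that goes beyond the abstract's "current time" queries.

```python
import time
from contextlib import contextmanager
from unittest import mock

_REAL_TIME = time.time  # real clock, captured before any hook is installed

class TimeDilation:
    """Time-dilation action logic: answers time queries with a 'false' current time."""
    def __init__(self, factor):
        self.factor = factor          # how much faster the fake clock runs
        self._start = _REAL_TIME()
        self._t0 = time.monotonic()
        self._skipped = 0.0           # seconds of sleep that were fast-forwarded
        self.log = []                 # intercepted calls, kept for the analyst

    def now(self):
        elapsed = time.monotonic() - self._t0
        fake = self._start + elapsed * self.factor + self._skipped
        self.log.append(("time", fake))
        return fake

    def sleep(self, seconds):
        # Assumption beyond the abstract: sleeps return at once and are
        # credited to the fake clock instead of stalling the analysis.
        self._skipped += seconds
        self.log.append(("sleep", seconds))

@contextmanager
def monitoring_agent(dilation):
    """Monitoring agent: intercepts time calls made while the sample runs."""
    with mock.patch("time.time", dilation.now), \
         mock.patch("time.sleep", dilation.sleep):
        yield dilation

def constructed_sample(delay_seconds):
    """Constructed, harmless stand-in for code that waits before acting."""
    armed_at = time.time() + delay_seconds
    time.sleep(delay_seconds / 2)
    time.sleep(delay_seconds / 2)
    return "ACTIVATED" if time.time() >= armed_at else "dormant"

def analyze(delay_seconds=7 * 24 * 3600, factor=1000):
    """Run the sample under the hooks; return its verdict and skipped seconds."""
    with monitoring_agent(TimeDilation(factor)) as d:
        verdict = constructed_sample(delay_seconds)
    skipped = sum(v for kind, v in d.log if kind == "sleep")
    return verdict, skipped

if __name__ == "__main__":
    print(analyze())
```

The intercepted-call log is the analyst's evidence here: a sample that requests a week of delay and then re-checks the clock shows up as two long `sleep` entries followed by a `time` query.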
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.