Detecting malware based on memory allocation patterns
US10977368B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Dec 27, 2017 |
| Grant date | Apr 13, 2021 |
| Priority date | — |
| Expiry date | Mar 15, 2039 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/034
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method for threat detection by identifying patterns of used memory blocks is described. In one embodiment, the method includes identifying a pattern of memory allocations from a known malware threat; tracking memory allocations of memory; identifying a plurality of memory allocations that match at least a portion of the pattern of memory allocations based at least in part on the tracking of the memory allocations; and performing a security action upon determining a quantity of the plurality of memory allocations satisfies a predetermined threshold. In some examples, the method includes determining that a sequence of wiped data strings satisfies a confidence threshold, and identifying the plurality of memory allocations is based at least in part on the confidence threshold. In some cases, the security action includes flagging the identified pattern of memory allocations, quarantining an associated application or process, or generating a notification.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.