Methods for behavioral detection and prevention of cyberattacks, and related apparatus and techniques
US11003775B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 11, 2018 |
| Grant date | May 11, 2021 |
| Priority date | — |
| Expiry date | Apr 30, 2039 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2107
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A security engine may use event-stream processing and behavioral techniques to detect ransomware. The engine may detect process behavior associated with encrypting a file, encrypting a storage device, or disabling a backup file, and may assign a ransomware category to the process based thereon. The engine may initiate protection actions to protect system resources from the process, which may continue to execute. The engine may monitor the process for specific behavior corresponding to its ransomware category. Based on the extent to which such specific behavior is detected, the engine may determine that the process is not ransomware, assign a ransomware subcategory to the process, or adjust the process's threat score. Monitoring of the process may continue, and the threat score may be updated based on the process's behavior. If the threat score exceeds a threshold corresponding to the ransomware category (or subcategory), a corresponding policy action may be initiated.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.