Malware detection in event loops
US11086987B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Dec 29, 2017 |
| Grant date | Aug 10, 2021 |
| Priority date | — |
| Expiry date | May 26, 2038 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/034
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Example techniques locate or identify malware based on events from or at monitored computing devices. A control unit can detect a sequence of events of various types. The control unit can locate a loop within the sequence of events based at least in part on relative frequencies of the event types. The control unit can determine a distribution of event types of the events within the loop, and determine that software running the sequence is associated with malware based at least in part on the distribution of event types within the loop. In some examples, the control unit can locate a point of commonality among a plurality of stack traces associated with respective events within the loop. The control unit can determine a malware module comprising the point of commonality.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.