Patent · US Active

Methods, systems and apparatus to detect polymorphic malware

US11126721B2 · kind B2 · utility

Cited by: 0
References: 3
Claims: 27
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 28, 2018
Grant date: Sep 21, 2021
Priority date
Expiry date: Mar 19, 2039

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/033
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

The disclosed embodiments generally relate to detecting malware through detection of micro-architectural changes (morphing events) when executing a code at a hardware level (e.g., CPU). An exemplary embodiment relates to a computer system having: a memory circuitry comprising an executable code; a central processing unit (CPU) in communication with the memory circuitry and configured to execute the code; a performance monitoring unit (PMU) associated with the CPU, the PMU configured to detect and count one or more morphing events associated with execution of the code and to determine if the counted number of morphing events exceeds a threshold value; and a co-processor configured to initiate a memory scan of the memory circuitry to identify a malware in the code.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.