Patent · US Active

Deactivating evasive malware

US11144642B2 · kind B2 · utility

0Cited by

2References

20Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Zhongshu Gu · Ridgewood, US
Heqing Huang · Mahwah, US
Jiyong Jang · Ossining, US
Dhilung Hang Kirat · White Plains, US
Xiaokui Shu · Ossining, US
Marc Philippe Stoecklin · Bern, CH
Jialong Zhang · White Plains, US

Key dates

Filing date	Nov 25, 2019
Grant date	Oct 12, 2021
Priority date	—
Expiry date	Jan 2, 2040

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A computer-implemented method, a computer program product, and a computer system. The computer system installs and configures a virtual imitating resource in the computer system, wherein the virtual imitating resource imitates a set of resources in the computer system. Installing and configuring the virtual imitating resource includes modifying respective values of an installed version of the virtual imitating resource for an environment of the computer system, determining whether the virtual imitating resource is a static imitating resource or a dynamic imitating resource, and comparing a call graph of the evasive malware with patterns of dynamic imitating resources on a database. The computer system returns a response from an appropriate element of the virtual imitating resource, in response to a call from the evasive malware to a real computing resource, return, by the computer system.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.