Systems and methods for detecting and protecting against malicious use of legitimate computing-system tools
US11288369B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 28, 2019 |
| Grant date | Mar 29, 2022 |
| Priority date | — |
| Expiry date | May 21, 2040 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/60
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A computer-implemented method for detecting and protecting against malicious use of legitimate computing-system tools may include (i) identifying a computing-system tool that can perform benign actions and malicious actions on a computing system, (ii) creating a set of recorded actions by recording actions performed by the computing-system tool on the computing system over a predetermined period of time, (iii) analyzing the set of recorded actions via a machine learning method that, for each action in the set of recorded actions, determines whether the action is anomalous compared to other actions in the set, (iv) classifying an action in the set of recorded actions as malicious based at least in part on determining that the action is anomalous, and (v) initiating, in response to classifying the action as malicious, a security action related to the action. Various other methods, systems, and computer-readable media are also disclosed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.