Protecting against malware code injections in trusted processes

Assignee

• Acronis International GmbH · CH

Inventors

• Vladimir Strogov · Moscow, RU
• Serguei Beloussov · Moscow, RU
• Alexey Dod · Moscow, RU
• Valery Chernyakovsky · Moscow, RU
• Anatoly Stupak · Moscow, RU
• Sergey Ulasen · Moscow, RU
• Nikolay Grebennikov · Singapore, SG
• Vyacheslav Levchenko · Moscow, RU
• Stanislav Protasov · Moscow, RU

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/033
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Disclosed are systems and methods for detecting malicious applications. The described techniques detect a first process has been launched on a computing device, and monitor at least one thread associated with the first process using one or more control points of the first process. An execution stack associated with the one or more control points of the first process is received from the first process. In response to detecting activity on the one or more control points of the first process, an indication that the execution of the first process is malicious is generated by applying a machine learning classifier to the received execution stack associated with the one or more control points of the first process.