Systems and methods for protecting against malware code injections in trusted processes by a multi-target injector

Assignee

• Acronis International GmbH · CH

Inventors

• Vladimir Strogov · Moscow, RU
• Serguei M. Beloussov · Singapore, SG
• Aliaksei Dodz · Singapore, SG
• Valerii Cherniakovskii · Moscow, RU
• Anatoly Stupak · Moscow, RU
• Sergey Ulasen · Moscow, RU
• Nikolay Grebennikov · Singapore, SG
• Vyacheslav Levchenko · Moscow, RU
• Stanislav Protasov · Moscow, RU

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06N7/01
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Disclosed are systems and methods for detecting multiple malicious processes. The described techniques identify a first process and a second process launched on a computing device. The techniques receive from the first process a first execution stack indicating at least one first control point used to monitor at least one thread associated with the first process, and receive from the second process a second execution stack indicating at least one second control point used to monitor at least one thread associated with the second process. The techniques determine that both the first process and the second process are malicious using a machine learning classifier on the at least one first control point and the at least one second control point. In response, the techniques generate an indication that an execution of the first process and the second process is malicious.