Systems and methods for detecting malicious processes

Assignee

• Acronis International GmbH · CH

Inventors

• Vladimir Strogov · Moscow, RU
• Serguei Beloussov · Moscow, RU
• Alexey Dod · Moscow, RU
• Valery Chernyakovsky · Moscow, RU
• Anatoly Stupak · Moscow, RU
• Sergey Ulasen · Moscow, RU
• Nikolay Grebennikov · Singapore, SG
• Vyacheslav Levchenko · Moscow, RU
• Stanislav Protasov · Moscow, RU

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/033
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Disclosed are systems and methods for detecting malicious applications. An exemplary method may comprise detecting that a first process has been launched on a computing device. The method may comprise receiving, from the first process, an execution stack associated with one or more control points of the first process. The method may comprise applying a machine learning classifier on the execution stack, wherein the machine learning classifier is configured to classify whether a process is malicious based on activity on control points captured on a given execution stack, and wherein a feature of a malicious process is detection of a system call to create a remote thread that runs in a virtual address space of a shared-service process configured to import third-party processes to be embedded as separate threads. The method may comprise generating an indication that the execution of the first process is malicious/non-malicious.