Patent · US Active

Systems and methods for detecting malicious behavior in process chains

US11609988B2 · kind B2 · utility

Cited by: 1
References: 3
Claims: 19
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 29, 2021
Grant date: Mar 21, 2023
Priority date
Expiry date: Dec 29, 2041

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/032
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Disclosed herein are systems and methods for malicious behavior detection in processing chains comprising identifying and monitoring events generated by a first process executing on a computing device; storing snapshots of data modified by any of the events; determining a level of suspicion for the first process, wherein the level of suspicion is a likelihood of the first process being attributed to malware based on the data modified by any of the events; in response to determining that the first process is not trusted based on the determined level of suspicion, identifying at least one sub-process of the first process; and restoring, from the snapshots, objects affected by the first process and the at least one sub-process.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.