Patent · US Expired

System and method for dynamically detecting computer viruses through associative behavioral analysis of runtime state

US6973577B1 · kind B1 · utility

Cited by: 142
References: 12
Claims: 12
Family size: 0

Assignee

Inventor

Key dates

Filing date: May 26, 2000
Grant date: Dec 6, 2005
Priority date
Expiry date: May 26, 2020

Classification

  • Technology area (CPC Y): Emerging Cross-Sectional Technologies
  • CPC primary: Y10S707/99939
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A system and a method for dynamically detecting computer viruses through associative behavioral analysis of runtime state are described. A group of monitored events is defined. Each monitored event includes a set of one or more actions defined within an object. Each action is performed by one or more applications executing within a defined computing environment. The runtime state within the defined computing environment is continuously monitored for an occurrence of any one of the monitored events in the group. The sequence of the execution of the monitored events is tracked for each of the applications. Each occurrence of a specific event sequence characteristic of computer virus behavior, and the application that performed the specific event sequence, are identified. A histogram describing the specific event sequence occurrence for each of the applications is created. Repetitions of the histogram associated with at least one object are identified.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.