Patent · US Active

Application behavior based malware detection

US7779472B1 · kind B1 · utility

132 Cited by
10 References
29 Claims
0 Family size

Assignee

Inventor

Key dates

Filing date: Oct 11, 2005
Grant date: Aug 17, 2010
Priority date
Expiry date: Jun 18, 2028

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/566
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

An executable file is loaded into a virtual machine arranged to emulate the instructions of said executable file. The virtual machine keeps track of application programming interfaces (APIs) used by the executable file during emulation. The executable file is scanned to determine names of APIs used. Behavior flags are set if certain conditions occur within the executable file. The APIs determined during emulation and during scanning are compared with a set of known behaviors. A match of the APIs and the known behaviors indicates a high risk of malware. A determination of malware being present is based upon any matches and any behavior flags that are set.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.