Patent · US Active

System and method for detecting malware in an executable code module according to the code module's exhibited behavior

US7913305B2 · kind B2 · utility

Cited by: 15
References: 10
Claims: 9
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jan 30, 2004
Grant date: Mar 22, 2011
Priority date
Expiry date: Jun 12, 2026

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/566
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A malware detection system that determines whether an executable code module is malware according to behaviors exhibited while executing is presented. The malware detection system determines the type of code module and executes the code module in a behavior evaluation module for evaluating code corresponding to the code module's type. Some behaviors exhibited by the code module, while executing in the behavior evaluation module, are recorded as the code module's behavior signature. After the code module has completed its execution, the code module's behavior signature is compared against known malware behavior signatures stored in a malware behavior signature store. A determination as to whether the code module is malware is based on the results of the comparison.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.