Patent · US Active

Heuristic malware detection

US8091127B2 · kind B2 · utility

Cited by: 9
References: 2
Claims: 25
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 11, 2006
Grant date: Jan 3, 2012
Priority date
Expiry date: Jan 31, 2030

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/552
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Embodiments of the present invention provide a method, system and computer program product for heuristic malware detection. In one embodiment of the invention, a heuristic malware detection method can include merging a baseline inventory of file attributes for respective files from each client computing system in a community of client computing systems into a merged inventory. The method further can include receiving an updated inventory of file attributes in a current inventory survey from different ones of the client computing systems. Each received survey can be compared to the merged inventory, and in response to the comparison, a deviant pattern of file attribute changes can be detected in at least one survey for a corresponding client computing system. Thereafter, the deviant pattern can be classified as one of a benign event or a malware attack. Finally, malware removal can be requested in the corresponding client computing system if the deviant pattern is classified as a malware attack.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.