Process profiling for behavioral anomaly detection
US8171545B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 14, 2007 |
| Grant date | May 1, 2012 |
| Priority date | — |
| Expiry date | May 11, 2030 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/033
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
An anomalous process behavior manager uses statistical information concerning running processes to detect and manage process behavioral anomalies. The anomalous process behavior manager collects per process statistical data over time, such as resource allocation statistics and user interaction statistics. Current collected statistical data is analyzed against corresponding historical statistical data to determine whether processes are behaving in expected ways relative to past performance. Appropriate corrective steps are taken when it is determined that a process is behaving anomalously. For example, the process's blocking exclusions can be revoked, the process can be uninstalled, the process and/or the computer can be scanned for malicious code, the user can be alerted and/or relevant information can be shared with other parties.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.