Patent · US Active

Apparatus and method for detection of malicious program using program behavior

US8245295B2 · kind B2 · utility

Cited by: 31
References: 1
Claims: 17
Family size: 0

Assignees

Inventors

Key dates

Filing date: Apr 8, 2008
Grant date: Aug 14, 2012
Priority date
Expiry date: Aug 13, 2030

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/56
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

An apparatus and method of diagnosing whether a computer program executed in a computer system is a malicious program and, more particularly, an apparatus and method of diagnosing whether a computer program is a malicious program using a behavior of a computer program, and an apparatus and method of generating malicious code diagnostic data are provided. The apparatus for diagnosing a malicious code may include a behavior vector generation unit which generates a first behavior vector based on a behavior signature extracted from a diagnostic target program; a diagnostic data storage unit which stores a plurality of second behavior vectors for a plurality of sample programs predetermined to be malicious or normal; and a code diagnostic unit which diagnoses whether the diagnostic target program is a malicious code by comparing the first behavior vector with the plurality of second behavior vectors.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.