Patent · US Active

System and method for detecting new malicious executables, based on discovering and monitoring characteristic system call sequences

US8332944B2 · kind B2 · utility

Cited by: 7
References: 4
Claims: 2
Family size: 0

Inventors

Key dates

Filing date: Feb 1, 2010
Grant date: Dec 11, 2012
Priority date:
Expiry date: Feb 12, 2031

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/552
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

The invention relates to a method for detecting malicious executables. In an offline training phase, a collection of system call sequences that are characteristic only of malicious files (sequences issued when such files are executed) is found and stored in a database. At runtime, for each running executable, its issued system calls are continuously monitored and compared with the stored sequences in the database to determine whether a portion of the run-time system call sequence matches one or more of the database sequences; when such a match is found, the executable is declared malicious.
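The two phases the abstract describes, as an added, simplified illustration that is not the patent's own code and does not reproduce the claimed method in detail. It assumes the "characteristic sequences" are fixed-length n-grams of system call names (the abstract does not say how sequence length is chosen), that "characteristic only to malicious files" means an n-gram seen in some malicious trace and in no benign trace, and that the database is a plain in-memory set. All traces are constructed sample data.

```python
from collections import deque

# Constructed sample traces (not from the patent): each trace is the ordered
# list of system call names that one execution of a program issued.
BENIGN_TRACES = [
    ["open", "read", "write", "close"],
    ["open", "read", "close"],
    ["socket", "connect", "send", "recv", "close"],
    ["mmap", "mprotect", "write", "close"],
]
MALICIOUS_TRACES = [
    ["open", "read", "socket", "connect", "send", "close"],
    ["ptrace", "mmap", "mprotect", "write"],
]


def ngrams(trace, n):
    """All contiguous length-n subsequences of a trace, as tuples."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}


def train(malicious_traces, benign_traces, n=3):
    """Offline phase (assumed realisation): keep only the n-grams that occur in
    at least one malicious trace and in no benign trace. The returned set plays
    the role of the abstract's database of characteristic sequences."""
    malicious = set().union(*(ngrams(t, n) for t in malicious_traces))
    benign = set().union(*(ngrams(t, n) for t in benign_traces))
    return malicious - benign


class RuntimeMonitor:
    """Runtime phase: one monitor per running executable. It keeps a sliding
    window of the last n system calls and checks it against the database after
    every call, so a match is reported as soon as the sequence completes."""

    def __init__(self, signatures, n=3):
        self.signatures = signatures
        self.window = deque(maxlen=n)

    def observe(self, syscall):
        """Feed one issued system call. Returns the matched signature when the
        last n calls form a database sequence, otherwise None."""
        self.window.append(syscall)
        if len(self.window) == self.window.maxlen:
            key = tuple(self.window)
            if key in self.signatures:
                return key
        return None


def first_match(signatures, trace, n=3):
    """Replay a whole trace through a monitor. Returns (index, signature) for
    the call that completed the first matching sequence, or None if the trace
    never matches (i.e. the executable would not be declared malicious)."""
    monitor = RuntimeMonitor(signatures, n)
    for index, call in enumerate(trace):
        hit = monitor.observe(call)
        if hit is not None:
            return index, hit
    return None


if __name__ == "__main__":
    sigs = train(MALICIOUS_TRACES, BENIGN_TRACES)
    print("database:", sorted(sigs))
    # A previously unseen trace that contains a malicious-only sequence.
    print(first_match(sigs, ["open", "read", "write", "socket", "connect", "send", "close"]))
    # A benign trace: no match, so no alert.
    print(first_match(sigs, ["open", "read", "write", "close"]))
```

Two points worth noticing when running it. First, `("socket", "connect", "send")` and `("mmap", "mprotect", "write")` appear in malicious traces but are dropped from the database because benign programs issue them too; the quality of that subtraction depends entirely on how representative the benign training corpus is, and an unseen benign program that happens to issue a database sequence is a false positive. Second, exact n-gram matching is brittle: a sample that interleaves harmless calls into its sequence breaks every window, so a real detector needs a larger or more tolerant notion of "portion of the sequence" than this illustration uses.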

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.