Patent · US Active

Method and apparatus for modeling computer program behaviour for behavioural detection of malicious program

US8713680B2 · kind B2 · utility

3Cited by

7References

23Claims

0Family size

Assignees

SAMSUNG ELECTRONICS CO., LTD. · KR
THE REGENTS OF THE UNIVERSITY OF MICHIGAN · US

Inventors

Taejoon Park · Seoul, KR
Kang G. Shin · Ann Arbor, US
Xin Hu · White Plains, US
Abhijit Bose · Ann Arbor, US

Key dates

Filing date	Apr 18, 2008
Grant date	Apr 29, 2014
Priority date	—
Expiry date	Feb 22, 2030

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/57
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A method and apparatus for modeling a behavior of a computer program that is executed in a computer system is described. The method and apparatus for modeling a behavior of a computer program may be used to detect a malicious program based on the behavior of the computer program. A method includes collecting system use information about resources of the computer system the computer program uses; extracting a behavior signature of the computer program from the collected system use information; and encoding the extracted behavior signature to generate a behavior vector. As a result, behaviors of a particular computer program may be modeled to enable a malicious program detection program and to determine whether the computer program is either normal or malicious.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.