Patent · US Active

Behavioral-based host intrusion prevention system

US8776218B2 · kind B2 · utility

Cited by: 25
References: 7
Claims: 20
Family size: 0

Assignee

Inventor

Key dates

Filing date: Jul 21, 2009
Grant date: Jul 8, 2014
Priority date
Expiry date: Oct 25, 2030

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/566
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

In embodiments of the present invention improved capabilities are described for behavioral-based threat detection. An executing computer process is monitored for an indication of malicious behavior, wherein the indication of the malicious behavior is a result of comparing an operation with a predetermined behavior, referred to as a gene. A plurality of malicious behavior indications observed for the executing process are compared to a predetermined collection of malicious behaviors, referred to as a phenotype, which comprises a grouping of specific genes that are typically present in a type of malicious code. Upon matching the malicious behavior indications with a phenotype, an action may be caused, where the action is based on a prediction that the executing computer process is the type of malicious code as indicated by the phenotype. Related user interfaces, applications, and computer program products are disclosed.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.