Patent · US Active

Malware detection via network information flow theories

US8935782B2 · kind B2 · utility

Cited by: 1
References: 4
Claims: 14
Family size: 0

Assignee

Inventors

Key dates

Filing date: Feb 4, 2013
Grant date: Jan 13, 2015
Priority date
Expiry date: Mar 24, 2033

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/55
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Access is obtained to a plurality of information flow theories for a plurality of malicious programs. The information flow theories include differences in information flows between the malicious programs, executing in a controlled environment, and information flows of known benign programs. Execution of a suspicious program is monitored by comparing runtime behavior of the suspicious program to the plurality of information flow theories. An alarm is output if the runtime behavior of the suspicious program matches at least one of the plurality of information flow theories.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.