Selective assessment of maliciousness of software code executed in the address space of a trusted process
US9336390B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Jul 10, 2013 |
| Grant date | May 10, 2016 |
| Priority date | — |
| Expiry date | Feb 9, 2034 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1441
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
System and method for detection of malicious code injected into processes associated with known programs. Execution of processes in a computer system is monitored. From among the processes being monitored, only certain processes are selected for tracking. For each of the processes selected, function calls made by threads of the process are tracked. From among the tracked function calls, only those function calls which are critical function calls are identified. For each identified critical function call, program instructions that caused the critical function call are subjected to analysis to assess their maliciousness.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.